If you’re a full stack Javascript developer, Strapi is a CMS that may be worth your time to learn more about. Strapi is an open-source headless CMS built on top of Node.js that’s free to use; although there are some features that are only included in their enterprise edition, which uses a “flexible pricing” model. In that sense, it’s a bit similar to using Directus API, except that Directus doesn’t feature a free tier.
Unlike WordPress, Strapi does require some basic level of proficiency in coding and software development to get started; however, if you are a developer it offers a nice balance between “out-of-the-box” functionality and ample room for customization without all the overhead present in WordPress. Strapi does provide an intuitive and easy to use admin interface, though, which can help streamline the development process, specifically in terms of data management, and non-technical user and clients can quickly begin using the dashboard for building content with little effort.
Also, since Strapi is headless, developers can easily build the front-end in the framework of their choice. I personally use Next.js/React.js, but it will work with any other front end stack and there is a lot of plugin support for integrating with Gatsby. It also automatically natively allows queries using both REST and GraphQL, allowing for greater versatility.
Below, I’ve compiled five good reasons to consider using Strapi for your next development project:
1. Ease of Use and Customizability
Getting started with Strapi is very easy – similar to running create-react-app or create-next-app, just run
npx create-strapi-app <project-name>
then follow the prompts for configuring your project. I prefer to configure my project with PostGres for my database and TailwindCSS (support for both is offered through the setup command prompt options).
Once the project is running, the user can easily begin modeling data through the Content Builder, which is a plugin that’s automatically included with Strapi. The only downside that gets brought up about working with data in Strapi is that it doesn’t support migrations, and trying to work directly with the database could compromise the robustness of the application since Strapi has it’s own internal mechanism for tracking database changes. If there’s a requirement that would entail a custom data solution, setting up a separate micro-service might be a better approach that will not affect the integrity of the primary backend application.
Another important feature that contributes to the ease of developing with Strapi is the thorough documentation provided by Strapi itself, including ample tutorials and an informative blog. Because Strapi is open source, there’s also a large community of both developers and users who offer support through various forums.
2. Intuitive Interface For Managing Data and Backend Services
Strapi handles most of the heavy lifting for working with data. Aside from the Content Builder feature mentioned above, it automatically generates the Content API for programmatically accessing the data from the front end. Both GraphQL and REST APIs are supported by the Content API, which is itself built atop the Entity API And Query Engine API. The latter cases are more intended for use by developers who are building plugins or for edge cases not covered by the default Content API. Access to these endpoints are protected by default, which will be covered in the next section.
The admin interface itself is quite easy and intuitive to use, and unlike WordPress there aren’t any predefined entities (Posts, Pages, Taxonomies, etc…). There are three default categories of entities that can be created:
- Component Types – Reusable, composite blocks of basic components such as text inputs, enumerations (select inputs), rich text inputs, media uploads, and relational fields.
- Collection Types – The primary entities queried by the Content API used for populating data on the front end. These include user defined entities such as posts and pages, and I’ve used for other customized queryable objects like Datasets and Taxonomies.
- Single Types – Single, ordered compositions of specific objects defined in Collection types. These can be used for defining specific Collection entities such as paragraphs, so they can be used for defining the content structure for specific pages. I recently used single types to create specific, ordered collections of dataset references for use in an interactive visualization.
3. Authentication Out of the Box
Strapi ships with a versatile authentication and user management system. Apart from adding and removing new users and configuring their permissions, Strapi also supports generating API tokens that can be granted specific levels of access and JWT tokens that can issued to users who are only accessing content through the front end. A developer can easily leverage the Users and Permissions plugin to build out a front end flow for user registration, login, and password reset.
Strapi is also set up to allow for easy OAuth configuration. The documentation for the User and Permissions plugin has ready-made instructions tailored to several providers, such as Facebook, Discord, and Google. SSO is available in the enterprise edition of Strapi, but for most purposes what’s included in the free edition should be sufficient to for a start, unless the application is being integrated into a system that needs federated identities.
4. Marketplace for Plugins and Easy Integrations
Above, I’ve mentioned several services and prepackaged plugins that ship with Strapi, such as the Content Builder, Content Manager, and Users and Permissions plugins. One plugin that I would highly recommend adding to an application is the strapi-plugin-populate-deep plugin, which ensures that when querying a collection type, the request receives all of the data necessary for populating the front end. This can be a bit of a gotcha for devs new to Strapi, since a query may not return the needed attributes for nested Image fields or relations.
A few categories of plugins that can be found in the marketplace are:
- Analytics and Observability – Google Analytics and Sentry
- Data Pipelines – Kafka and Sockets
- Front end utilities – SEO, Comment Moderation, and Custom Links to name a few.
Plus there are many other plugins that can be added to enhance Strapi’s dashboard and content builders, integrate with third party services, and other useful utilities.
5. Security
Headless CMS generally offer an additional layer of security by allowing for a separation of concerns between the administrative backend and the public facing front end of an application (technically two separate applications). Front end users have a larger degree of separation from the actual database, and in Strapi even defined routes don’t directly expose the database itself – further enhancing the security of the application.
Strapi is also open source software that is maintained by a large community of developers. This can mean that you have more independent eyes on the code base available to spot vulnerabilities and open fixes. While being “open source” doesn’t necessarily mean that a software product is more secure, it does have advantages when there is a large community of developer support.
There are a few known and disclosed vulnerabilities Strapi, but if following best practices the risk associated with these vulnerabilities are relatively low. Since access in data is restricted, properly configuring roles and access is key to maintaining security, and most of that functionality is shipped with ever Strapi installation.
Conclusion
If you have a basic understanding of modern javascript, Strapi can provide a great alternative to more traditional CMSs like WordPress. It also does not have the same level of overhead that can be found with WordPress, and it is designed to be much more customizable in terms of how data and entities are structured in the backend. Strapi’s ease of use, its customizability, and its robust ecosystem of plugins and community support make it an excellent choice for solo developers and teams to quickly bootstrap new full stack projects. Since it is headless, it can be easily integrated into an existing distributed architecture and offers greater versatility for choosing the front end stack one wishes to use.