Recs.
Updated
Specs
Pros
Pro Swagger support -> client SDK generation
Generates swagger.json based on API definition. With this metadata about the API, client code can be generated for almost any mainstream language. There is also a side-project which can generate Angular 2+ client code (model and HTTP-access): https://github.com/mean-expert-official/loopback-sdk-builder
Cons
Con Not easy to restrict access
For relatively open APIs, it's not a problem. But when building complex applications with many different roles and when parts of the model have restricted access, there are many places to configure or program access rules. Example: relations to other models can be included (like GraphQL), but if not all roles have access to those relations, it's hard to protect data programmatically. There is no built-in support to protect "tenant"-data from unauthorized access.