Features

You and your coworkers and partners need to know what Apostrophe can do. And you need to make the case for Apostrophe in your organization. We can help.

We'll start by sharing what Apostrophe can do from a user's perspective. Then we'll dive into the juicy developer stuff. And we'll wrap up by answering some common concerns about Apostrophe.

Features for editors and site visitors

Features for developers

The right technology choices

Creating new types of content is easy

Making the front end great

More developer features

Making the case for Apostrophe

You want to use Apostrophe. Others aren't so sure. We get it. Here are some frequently raised concerns and our responses.

"Isn't Apostrophe proprietary?"

No. Apostrophe is open source and available on github. Anyone can contribute to the project, and the MIT license guarantees its future as an independent project. See also community support and the developer directory, which you are welcome to join.

"But the community is still small..."

Just as Wordpress is a PHP project and any PHP developer can work on it, Apostrophe is a JavaScript project and any JavaScript developer can work on it.

And JavaScript is a part of every website; virtually every web developer is a JavaScript developer because JavaScript is in every web browser.

In addition, there is a very large community of Node.js developers who specialize in server-side JavaScript code. Apostrophe is built on Node.js.

"Isn't Node.js new and risky?"

No. Node.js was released in mid-2009. In the past eight years it has matured into a stable platform used in production by many major companies, including Netflix, PayPal, Medium, LinkedIn, Uber and the New York Times, among many others.

The core of Node.js is v8, the same open-source, free implementation of JavaScript that powers Google's Chrome, the most popular web browser in the world. That code has been "vetted" much more fiercely than PHP.

"What about security?"

The most common security issue with PHP-powered websites, such as those built in Wordpress or Drupal, is SQL injection. Apostrophe's choice of a non-SQL database with an API design that does not mix commands and data makes this type of attack impossible.

Apostrophe's login mechanism is based on correctly hashed and salted passwords, stored in a separate database "collection" so that there is no possibility of accidental exposure when displaying information about users in a routine way.

There has recently been coverage of some security challenges faced by developers that did not correctly secure MongoDB after installing it. This was an oversight in configuring MongoDB, not a bug in the database. When properly configured to restrict connections or require a password (which Apostrophe supports), MongoDB is highly secure.

On an end user level, Apostrophe offers the ability to secure pages or entire portions of the site so that only certain users or groups of users can edit or view that content.

"What about integration with other platforms?"

Apostrophe supports the oEmbed standard, an open standard for embedding third-party services. This allows Apostrophe's video and embed widgets to accommodate most integrations you'll want to handle.

The great majority of other services offer a "generic embed code" that can be added to page templates or, if you choose to enable it, pasted into our raw HTML widget.

Since it is built on Node.js, Apostrophe is also a great starting point for integrating with third party APIs to build richer experiences.