Middleware is one of the most confusing and ambiguous terms used in the web development industry. The concept of middleware itself is different on every platform, what is referred to as a middleware in one framework can have a completely different meaning in another.

In fact, I’ve taken this quote directly from Wikipedia, it states that "middleware is sometimes used in a similar sense to a software driver, an abstraction layer that hides detail about hardware devices or other software from an application".

But if you have been working in JavaScript and Node.js for a while, you will notice that definition doesn't seem to fit our definition of what a middleware might be.

Here are two more quotes from Microsoft and Red Hat.

Middleware is software that lies between an operating system and the applications running on it.


Middleware is software that provides common services and capabilities to applications outside of what’s offered by the operating system


As you can see, middleware is a term used in the operating systems world. The traditional definition of a middleware is more related to lower levels of programming that is closer to the computer's hardware.

For us Web Developers, this might be a better definition.

Middleware is a (loosely defined) term for any software or service that enables the parts of a system to communicate and manage data. It is the software that handles communication between components and input/output, so developers can focus on the specific purpose of their application.

In server-side web application frameworks, the term is often more specifically used to refer to prebuilt software components that can be added to the framework's request/response processing pipeline, to handle tasks such as database access.


The Modern Middleware of the Web

Middleware in the context of the Internet and Web is different from traditional middleware. Here are some concrete examples of modern frameworks that have middleware in it.


Middleware functions are functions that have access to the request object (req), the response object (res), and the next function in the application’s request-response cycle. The next function is a function in the Express router which, when invoked, executes the middleware succeeding the current middleware.



Middleware provides a convenient mechanism for filtering HTTP requests entering your application. For example, Laravel includes a middleware that verifies the user of your application is authenticated. If the user is not authenticated, the middleware will redirect the user to the login screen. However, if the user is authenticated, the middleware will allow the request to proceed further into the application.

Additional middleware can be written to perform a variety of tasks besides authentication. A CORS middleware might be responsible for adding the proper headers to all responses leaving your application. A logging middleware might log all incoming requests to your application.

There are several middleware included in the Laravel framework, including middleware for authentication and CSRF protection. All of these middleware are located in the app/Http/Middleware directory.



Middleware are software components that are assembled into an application pipeline to handle requests and responses. Each component chooses whether to pass the request on to the next component in the pipeline, and can perform certain actions before and after the next component is invoked in the pipeline. Request delegates are used to build the request pipeline. The request delegates handle each HTTP request.


Most Common Real World Use Cases of Middleware

Here is a list of common use cases I have seen for middleware.

  1. Object transformation

  2. Filtering and sanitization of data

  3. Validation

  4. Logging

  5. API rate limiting and throttling

  6. API Security (authentication and authorization)

  7. Changes in meta-data like headers

  8. Separation of concerns through layers by adding additional layers by design

  9. Making reusable middleware layers that can be used in different routes

  10. Decryption of parameters in the URI and headers

  11. Calling an external service and passing those parameters down

These are just some examples of real world use cases I have seen, this is such a broad topic because in reality, your entire application can just use middleware and you would be just fine. Whatever the case, make sure to use middleware to your advantage as it provides a very nice way to abstract even more layers out in your application if needed.

Last updated