Lesson 28. Adding API Security
In this lesson, you apply a few security strategies to your API routes. External applications have no browser to store cookies, so some may find it difficult to use your API unless it offers another way to verify the user’s identity. First, you implement some basic security by providing an API token that must be appended to each request. Then you improve that strategy by generating a unique API key for each user upon account creation. Last, you explore JSON Web Tokens (JWT), a system of hashing user data and exchanging tokens to authenticate user accounts without a browser.
This lesson covers
- Adding security-token-verification middleware
- Creating a pre("save") hook to generate API keys
- Implementing JWT header authentication ...
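The first strategy above, token-verification middleware, sketched as an added example (not code from the book). It assumes the token arrives as an `apiToken` query parameter and that the expected value is read from an `API_TOKEN` environment variable; `tokensMatch`, `mockResponse`, and `simulate` are hypothetical helper names, and the fallback token is a constructed sample.

```javascript
// Added example: API token verification middleware (Express-style signature).
const crypto = require("crypto");

// Assumption: the shared token comes from the environment; the fallback is a
// constructed sample value so the example runs offline.
const API_TOKEN = process.env.API_TOKEN || "constructed-sample-token-1234";

// Hash both values so the buffers have equal length, then compare in
// constant time to avoid leaking how many leading characters matched.
function tokensMatch(supplied, expected) {
  // A repeated query parameter arrives as an array; reject non-strings.
  if (typeof supplied !== "string" || supplied.length === 0) return false;
  const a = crypto.createHash("sha256").update(supplied).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Middleware: reject any request whose token is missing or wrong.
// Assumption: the token arrives as the `apiToken` query parameter.
function verifyToken(req, res, next) {
  const supplied = req.query ? req.query.apiToken : undefined;
  if (tokensMatch(supplied, API_TOKEN)) return next();
  res.status(401).json({ error: true, message: "Invalid API token." });
}

// Minimal stand-in for Express's response object, for running offline.
function mockResponse() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Run one constructed request through the middleware and report the outcome.
function simulate(query) {
  const res = mockResponse();
  let passed = false;
  verifyToken({ query }, res, () => { passed = true; });
  return { passed, status: res.statusCode };
}
```

A token carried in the query string ends up in access logs and proxy logs, so treat those logs as sensitive or redact the parameter before writing them.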