Chapter 4. Securing Your Backend

In the previous chapters, we built a rudimentary but functional backend layer by layer to provide basic services for a basic shop-like app. So far, we haven't been paying too much attention to security; everyone with access to the server can execute any command exposed by our API, even if it involves deleting the whole product database!

In this chapter, we are going to remedy this by building a basic security mechanism to control user access. Specifically, we will deal with token-based authentication and show you how it makes it easy to limit access to your backend. Along the way, we will introduce the concept of roles and how they figure in our authentication scheme.

Understanding the outcomes of token-based ...
