Chapter 4. Securing Your Backend

In the previous chapters, we built a rudimentary but functional backend layer by layer to provide basic services for a basic shop-like app. So far, we haven't been paying too much attention to security; everyone with access to the server can execute any command exposed by our API, even if it involves deleting the whole product database!

In this chapter, we are going to remedy this by building a basic security mechanism in order to control user access. Specifically, we will deal with token-based authentication and show you how this makes it easy to limit access to your backend. By doing this, we will introduce the concept of roles and how they figure in our authentication scheme.

Understanding the outcomes of token-based ...

Get Learning Node.js for Mobile Application Development now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.