Chapter 6. Keeping the Bad Guys Out
Once deployed in production, an application is exposed to a large number of requests. Inevitably, some of them will be malicious. This implicitly brings the requirement of granting explicit access permissions. That is, authenticating a selected number of consumers to have access to your service. Most of the consumers will use the service only for data provisioning. However, a few will need to be able to provide new, or modify the existing, contacts data. In order to ensure that only appropriate consumers will be able to execute POST
, PUT
, and DELETE
requests, we will have to introduce the concept of authorization into our application, which will grant only explicitly selected users modification permissions. ...
Get RESTful Web API Design with Node.js - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.