After reading this chapter, you will understand what token-based authentication is and how it can be used to limit the functionality of an API based on a user's status. You will further understand what roles are and how they affect authentication. Finally, you will know how to implement this authentication mechanism using only the technologies that we have introduced so far.
Before we start writing code, let's have an overview of the concepts involved and how they relate both to security and one another.
Security has always been one of the most pressing concerns in all areas of software development. It is almost never enough to have a system that is fast, scalable, and robust if it doesn't have an adequate mechanism to protect it from malicious users.
In the context of publicly accessible servers such as ours, security is all the more pressing since our API will be exposed to an entire planet of...