Beginning API Development with Node.js

By: Anthony Nandaa

Overview of this book

Using the same framework to build both server and client-side applications saves you time and money. This book teaches you how you can use JavaScript and Node.js to build highly scalable APIs that work well with lightweight cross-platform client applications. It begins with the basics of Node.js in the context of backend development, and quickly leads you through the creation of an example client that pairs up with a fully authenticated API implementation. By the end of the book, you’ll have the skills and exposure required to get hands-on with your own API development project.
Table of Contents (9 chapters)

Authenticating Your API with JWT


So far, we have been using our API without any authentication. This means that if the API is hosted publicly, anyone can access any of the routes, including deleting all our records! Any proper API needs authentication (and authorization). Basically, we need to know who is doing what, and whether they are authorized (allowed) to do it.

JSON Web Tokens (JWT) is an open, industry-standard method for representing claims securely between two parties. Claims are any bits of data that you want someone else to be able to read and/or verify but not alter.

To identify/authenticate users for our API, the client sends a standards-based token in the Authorization header of each request, prefixed with the word Bearer. We will see this practically in a short while.
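The token check described above, as an added example that is not code from the book: it signs and verifies an HS256 token with Node's built-in crypto module instead of a JWT library, and shows that edited claims fail verification. `SECRET`, `signToken`, `authenticate`, and the sample claims are assumptions made for illustration.

```javascript
// Added example: HS256 JWT signing and Bearer-header verification using only Node's crypto.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from secure config in practice

const b64url = (input) => Buffer.from(input).toString('base64url');

const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Token layout: base64url(header).base64url(claims).base64url(HMAC-SHA256 signature)
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Returns the verified claims, or null if the header or token is unacceptable.
function authenticate(authorizationHeader, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;
  const [, head, body, sig] = match;
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or claims
  }
}

// Constructed sample: a token for user 7 that expires at t=2000.
const token = signToken({ sub: 7, scope: 'todo:read', exp: 2000 }, SECRET);
const [h, , s] = token.split('.');
// Claims are readable by anyone, but editing them invalidates the signature.
const forged = `${h}.${b64url(JSON.stringify({ sub: 1, scope: 'admin', exp: 2000 }))}.${s}`;

console.log(authenticate(`Bearer ${token}`, SECRET, 1000));  // verified claims object
console.log(authenticate(`Bearer ${forged}`, SECRET, 1000)); // null
```

The payload is only encoded, not encrypted, so nothing secret belongs in the claims.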

Exercise 19: Securing All the Routes

In this exercise, we're going to secure all the /todo/* routes that we created so that no unauthenticated user can access them. In the Exercise 21: Implementing...