Tutorial: Securing API Endpoints

Visualizing The API

PassportJS Local Authentication

In the first part of our API we will make use of PassportJS’ ‘local’ strategy to provide basic username and password authentication.

This strategy is ideal if your requirements are fairly basic and you’re looking to authenticate users who may be supplying their credentials via a web site or some other means.

Our output, in this case, will be a JSON Web Token, or JWT, which is signed by our API. To access other resources that our API may expose (in this case some mock user profile data), the user must supply the JWT with their request so that we can verify it.
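The flow described above, as an added example that is not part of the original tutorial: it uses only Node's built-in crypto module in place of PassportJS so that it runs with no dependencies. The user store, signing secret, 15-minute expiry and the function names `login` and `verify` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // API signing key, constructed per run (assumption)
const hashPw = (pw, salt) => crypto.scryptSync(String(pw), salt, 32);
const salt = crypto.randomBytes(16);
// Constructed mock user store: salted scrypt hashes, never plaintext passwords.
const USERS = { alice: { salt, hash: hashPw('correct horse battery', salt) } };
const DUMMY = { salt, hash: crypto.randomBytes(32) }; // keeps timing similar for unknown users

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Step 1 (the 'local' step): check username and password, return a signed JWT or null.
function login(username, password, now = Date.now()) {
  const user = Object.hasOwn(USERS, username) ? USERS[username] : DUMMY;
  const ok = crypto.timingSafeEqual(hashPw(password, user.salt), user.hash);
  if (!ok || user === DUMMY) return null;
  const iat = Math.floor(now / 1000);
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: username, iat, exp: iat + 900 }));
  return `${head}.${body}.${b64url(sign(`${head}.${body}`))}`;
}

// Step 2 (the JWT step): verify the token on every request, return its claims or null.
function verify(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const expected = sign(`${head}.${body}`);
  // Check the signature before trusting anything inside the token.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, ignore the header's preference
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch {
    return null; // malformed JSON is treated as an invalid token
  }
}
```

A protected route would call `verify` on the token taken from the request and refuse to return the profile data when the result is `null`.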

PassportJS JWT Strategy


Written by YourAPIExpert