Challenge: Securing APIs
Explore how to secure APIs by defining machine-to-machine (M2M) identities in Auth0, implementing OAuth and JWTs for access control, and updating Node.js projects with middleware. This lesson guides you through generating and validating JWTs and testing secured API endpoints to ensure robust API security.
Exercise
For this exercise, you’ll define an M2M identity in Auth0 for your credit-check service and then update your code to support access control using OAuth and JWTs. Along the way, you’ll use the security bash scripts to request a valid JWT and then use it to make secured requests to your updated credit-check service.
Defining the API in Auth0 and collecting access control parameters
- First, sign in to the Auth0 website and define or create a new API called bigco-credit-check. Then collect the five important access control parameters