I am doing a side project, with the purpose of learning to separate front-end and backend, and I decided to use Express with Node to design a REST API as my backend.
My question is, how do I authenticate my RESTful API? I saw some tutorials, but they always connect frontend and backend by using server-side rendering with Jade or EJS, and I'm not interested in that.
How do I authenticate each user and give them access only to certain data, and also how do I design endpoints that are only accessible by my front-end application?
I would really appreciate help. Also, you can send links to articles that describe this kind of authentication and project architecture, because I feel that I'm looking in the wrong places and need some help.
Related
I'm fairly new to webdev. I have a React frontend built with Vite, and a Node.js backend that uses MongoDB. I finished my little project, and when it came to deploying it to my Linux server, I got confused about how to handle API calls.
Is there any way to hide API URLs on frontend apps? Because everything is done on the client side, and the frontend is basically an interface between the user and the backend, that should be impossible. But how do, for example, big companies like Facebook handle this? If I go to Facebook and inspect the code, can I find the exact IP and API address from which the Facebook backend serves me the posts? Or are there any tricks to make this more secure? What are the industry standards on this topic?
The interface between your web application in the browser and your backend service is HTTP(S). There are HTTP verbs such as GET, POST, DELETE, etc. You can pass arguments or information to your backend services via query parameters, which are visible in the URL, or you can send them in the body of a request. An HTTP POST, for example, would have a body that is not seen or viewable unless the end user made a specific effort to view it.
I am new to Stack Overflow, so please forgive me if my question is a bit difficult to understand. The background of my problem is the following.
I have created a NodeJS RESTful API based on the following tutorial -
https://www.codementor.io/olatundegaruba/nodejs-restful-apis-in-10-minutes-q0sgsfhbd
I have also created a Vue-based frontend that I use to display data from the database with GET requests, POST new data to the database, and also make PATCH/DELETE requests.
I need to create a login/registration system to secure my API endpoints so that an unauthorized person cannot see/delete/modify the content, but I have no idea where to start or how to implement it.
My project frontend and backend repositories are visible on:
Frontend - https://github.com/umbluu/mufc-api-fe
Backend - https://github.com/umbluu/mufc-api-be
Can someone please point out some hints/tips on how to proceed with my task?
I apologize if this is a really basic question, but I am a beginner with a fundamental lack of understanding of how a React app works. Right now I am creating an app which uses Spotify API, including authentication. With React, I want to be able to fetch the data in my components. However, the API does not let me as it is meant to be fetched from 'server side'. My question is, how is the distinction made / how would I go about creating a 'server side' where all I do is authenticate and retrieve data from the api?
React is:
A JAVASCRIPT LIBRARY FOR BUILDING USER INTERFACES
So it is meant for developing the client side of applications (even though this can be done server side). Therefore, would it not be better to use one of the existing client-side packages to access the Spotify API, like these: Spotify Web API JS, Spotify Web API Node?
More packages are mentioned on the Spotify Web API page; have a look.
I understand that Express resides on the server and Angular resides on the client but, as far as I know, Angular can do everything that Express can do which is
routing
interacting with the database
It kind of seems like maybe Express is needed in order for an AngularJS app to be served by Node.js but I'm not sure.
So what are the benefits to adding Express to an AngularJS app?
There are things which should be done server side (i.e. Express, not Angular), most notably user input validation - Angular, as it's client side, can be tampered with.
Also, if you ever want to offer an access type other than a web app (e.g. a mobile app), you'll probably need an API anyway - Express can do this, Angular doesn't.
Finally, database access - usually an Angular app will need to connect to some kind of backend to perform CRUD operations. You'll either go with a hosted DB like Firebase, or you'll end up using your own database. The latter scenario is more popular, and you'll need Express (or similar) for that.
Express and AngularJS do not mutually exclude one another; they serve different purposes - in fact it's perfectly fine to use both - Express for all your server-side logic, and Angular for client-side logic.
Express can be used to host the APIs for AngularJS's service/factory to consume. You can consider AngularJS as MVC and the API on Express as SOA.
There is a lot of stuff that one wants to control from the server. And that is the place where the server-side frameworks come into the picture.
A web app is not just some HTML pages linked together. There are a lot of other things that need to be implemented:
Model validation.
Keeping the model consistent. Remember, multiple users can access the same model at any given time and even change it.
Controlling resource access.
Triggering workflows.
Business Logic.
and other such things require a server framework. So, as mentioned earlier, client-side frameworks like AngularJS complement server-side frameworks.
I'm using a Symfony2 backend and AngularJS frontend in one project. Symfony is used to show the initial view and provide a RESTful API with AngularJS embedded into the view.
Basically AngularJS will be used for the frontend (view) and calling Symfony API to interface with the database (model).
I have a bunch of Angular HTTP GETs and POSTs which expose the URL to my API. What would be the best way to secure the API in my scenario?
I do have access to server-side with Angular but how do I pass that authentication from Symfony to Angular?
Thanks for the help.
This is a common need, and there are several approaches - but they usually settle on using sessions.
You might find this article to be a good overview of an AngularJS-specific implementation...
http://www.espeo.pl/2012/02/26/authentication-in-angularjs-application
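The session approach this answer refers to, together with the "controlling resource access" point raised earlier on the page, as an added example that is not part of the original answers. It uses plain Node.js rather than Symfony; the users, notes and the function names `login`, `authenticate` and `getNote` are hypothetical, and the sample data is constructed.

```javascript
const crypto = require('crypto');

// Hash a password with scrypt and a per-user random salt.
function hashPw(password, salt = crypto.randomBytes(16)) {
  return { salt, key: crypto.scryptSync(password, salt, 32) };
}

// Constructed sample data (hypothetical users and notes).
const users = new Map([
  ['alice', hashPw('correct horse battery')],
  ['bob', hashPw('another long passphrase')],
]);
const notes = new Map([
  ['1', { owner: 'alice', text: 'alice private note' }],
  ['2', { owner: 'bob', text: 'bob private note' }],
]);

const TTL_MS = 30 * 60 * 1000;
const sessions = new Map(); // session id -> { user, expires }

// POST /login: check credentials, store a session, return the Set-Cookie value.
function login(username, password, now = Date.now()) {
  const rec = users.get(username);
  if (!rec) return null;
  const { key } = hashPw(String(password), rec.salt);
  if (!crypto.timingSafeEqual(key, rec.key)) return null;
  const sid = crypto.randomBytes(32).toString('hex'); // random, carries no data
  sessions.set(sid, { user: username, expires: now + TTL_MS });
  return `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Map the request's Cookie header to a user name, or null.
function authenticate(cookieHeader, now = Date.now()) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  if (!m) return null;
  const s = sessions.get(m[1]);
  if (!s || s.expires <= now) { sessions.delete(m[1]); return null; }
  return s.user;
}

// GET /notes/:id: 401 without a session; 404 for notes the caller does not own.
function getNote(cookieHeader, id, now = Date.now()) {
  const user = authenticate(cookieHeader, now);
  if (!user) return { status: 401 };
  const note = notes.get(String(id));
  if (!note || note.owner !== user) return { status: 404 };
  return { status: 200, body: note.text };
}
```

The API URL stays visible to anyone inspecting the front end; what protects the data is that every request is authenticated and checked against the note's owner on the server.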