Solution: Securing APIs

Let’s define an API in Auth0, collect its access control parameters, and update the credit-check service.

This exercise focuses on using Auth0 to define API security, collecting the access control parameters, modifying API source code, and then testing the results.

Defining the API in Auth0

The exercise instructions included the name of the new API security definition (bigco-credit-check). To create this definition, we need to log in to the http://auth0.com website and navigate to the dashboard page. There, we can select the “APIs” option in the left navigation pane and, when the list of APIs appears, click the “Create API” button in the top-right corner of the screen. This brings up the “New API” dialog box, where we can enter “bigco-credit-check” into the “Name” field. We also need to enter our API identifier (for example, http://api.mamund.com/bigco-credit-check). Once both values have been supplied, we click the “Create” button at the bottom of the dialog box. This completes the definition and takes us to the landing page for the new API.

Collecting the API’s access control parameters

The next step is to collect the five ...