...

Solution: Securing APIs

Let’s define an API in Auth0 and collect access control parameters by updating the credit-check service.

We'll cover the following...

Defining API in Auth0
Collecting the API’s access control parameters
Updating the credit-check-secure Node.js project
Testing API security

This exercise focuses on using Auth0 to define API security, collecting the access control parameters, modifying API source code, and then testing the results.

Defining API in Auth0

The exercise instructions included the name of the new API security definition (bigco-credit-check). To create this definition, we need to log in to the http://auth0.com website and navigate to the dashboard page. There, we can select the API’s options in the left navigation pane and, when the list of APIs appears, click the “Create API” button that appears in the top-right corner of the screen. This brings up the “New API” dialog box, where we can enter “bigco-credit-check” into the “Name” field. We also need to enter our API identifier (for example, http://api.mamund.com/bigco-credit-check). Once both values have been supplied, click the “Create” button at the bottom of the dialog box. This completes the definition and takes us to the new landing page for that API.

Collecting the API’s access control parameters

The next step is to collect the five ...

Introduction

Understanding HTTP, REST, and APIs

Modeling APIs

Designing APIs

Describing APIs

Sketching APIs

Prototyping APIs

Building APIs

Testing APIs

Securing APIs

Deploying APIs

Modifying APIs

Some Parting Thoughts

Appendixes

Solution: Securing APIs

Defining API in Auth0

Collecting the API’s access control parameters