node.js - API Authorization Strategy


I have a web application in Node.js that consumes an API for aspects of the content of the website, e.g. news. The API is written in Node.js and points to a MongoDB database.

I would like some advice on the best authorization strategy for this type of requirement. I don't need a user-name and password solution (I don't think). Just some sort of static token that the web app can pass to the API, so that only applications that have the token can browse the data returned by the API. I want to stop any old application from consuming the API.

Here is the best blog post on how to authenticate a REST API in Node.js with basic HTTP authentication, OAuth1, and OAuth2:

https://stormpath.com/blog/secure-your-rest-api-right-way

Basically there are 3 types of authentication used:

  • Basic authentication
  • OAuth 1.0a
  • OAuth2

HTTP basic authentication

  • More convenient, as you can expire or regenerate tokens without affecting the user's account password.

  • If compromised, the vulnerability is limited to the API, not the user's master account.

  • You can have multiple keys per account (e.g. users can have "test" and "production" keys side by side).

OAuth1

OAuth 1.0 requires the client to send 2 security tokens for each API call, and use both to generate the signature. It requires the protected resources' endpoints to have access to the client credentials in order to validate the request.

OAuth2

In OAuth 2.0, signatures are not required for the actual API calls once the token has been generated. It has 1 security token.

Here it describes the difference between OAuth 1.0 and 2.0, and how both work.
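The static-token check the question asks for, as an added example that is not part of the original post or the linked blog. It uses only Node.js core modules; the `API_TOKEN` environment variable, the function names and the sample news payload are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const http = require('node:http');

// Assumption: the shared token is provisioned out of band and supplied through
// an environment variable named API_TOKEN (hypothetical name). The fallback is
// a constructed sample value so the example runs offline.
const API_TOKEN = process.env.API_TOKEN || 'sample-token-constructed-for-demo';

// Hash both values so the buffers have equal length, then compare in constant
// time so response timing does not reveal how much of the token matched.
function tokenMatches(presented, expected) {
  const a = crypto.createHash('sha256').update(String(presented)).digest();
  const b = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}

// Maps request headers to a status: 401 when no usable bearer credential is
// sent, 403 when the token is wrong, 200 when it matches.
function authorize(headers, expected = API_TOKEN) {
  const match = /^Bearer ([^\s]+)$/i.exec(headers.authorization || '');
  if (!match) return 401;
  return tokenMatches(match[1], expected) ? 200 : 403;
}

// Request handler; the news payload is constructed sample data.
function handler(req, res) {
  const status = authorize(req.headers);
  const headers = { 'Content-Type': 'application/json' };
  if (status === 401) headers['WWW-Authenticate'] = 'Bearer';
  res.writeHead(status, headers);
  if (status !== 200) {
    return res.end(JSON.stringify({ error: status === 401 ? 'token required' : 'invalid token' }));
  }
  res.end(JSON.stringify({ news: [{ id: 1, title: 'Sample headline' }] }));
}

// Builds the server without listening, so the caller chooses the port and TLS setup.
function createApiServer() {
  return http.createServer(handler);
}

// Offline demonstration on constructed headers: valid token, then no token.
console.log(authorize({ authorization: `Bearer ${API_TOKEN}` }), authorize({}));
```

Because the same token is sent on every request, the API should only be reachable over TLS, and the token should live in server-side configuration of the web app rather than in code shipped to browsers.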

