Worldofjimmy

Node JS Theory - Implementing API V1


Hi,

 

I would like to discuss best practice for implementing the API the correct way.

I have not been working with APIs before but I was thinking of this way to implement it.

 

Scenario one: someone enters the homepage.

Middleware - Check if a token is stored in the session; if not, get a token.

Middleware - Check if token is expired; if expired, refresh token stored in session.

If token stored in session and is not expired, proceed with request.

Scenario two: user checks leaderboard.

Middleware - Check if a token is stored in the session; if not, get a token.

Middleware - Check if token is expired; if expired, refresh token stored in session.

If token stored in session and is not expired, proceed with the request.

 

 

For user authentication to log in on the website, do all the accounts need to have access to the API?

 

How would you implement it? 


You should never provide individual users with API access. Instead, your NodeJs app will have an API account, and it will use that to validate passwords as your users log in, and your app will then do its own permissions for each user so you can determine who can access what. Your NodeJs app would send any API calls that the users need for them.

 

On 9/14/2019 at 7:45 AM, jcsnider said:

You should never provide individual users with API access. Instead, your NodeJs app will have an API account, and it will use that to validate passwords as your users log in, and your app will then do its own permissions for each user so you can determine who can access what. Your NodeJs app would send any API calls that the users need for them.

 

 

Okay, I understand. Use the NodeJs app account for the API.

So in theory - Login function

The user provides a username and password.

The API account takes the credentials and checks with the API

https://docs.freemmorpgmaker.com/api/v1/endpoints/users.html#validate-password

Depending on the response, if the response is "Message" : "Password Correct"

Fetch the user's data and then redirect the user to his profile page.

 

 

On 9/16/2019 at 8:03 PM, jcsnider said:

Yup

 

 

The refresh token: will it expire at the same time as the access token?

Is there a smart way to build a function to check if the access token has expired?

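One way to write the expiry check asked about above, with the token held by the Node.js app's own API account as advised earlier in the thread. This is an added example, not code from the thread or from the API's documentation. It assumes the token endpoint returns OAuth2-style fields (`access_token`, `refresh_token`, `expires_in` in seconds); `login` and `refresh` are hypothetical functions you supply to make the actual HTTP calls.

```javascript
// Added example (not from the thread). Assumption: the token endpoint returns
// OAuth2-style JSON { access_token, refresh_token, expires_in } (seconds).
const SKEW_MS = 30_000; // treat a token as expired 30 s early (clock drift, latency)

// True when there is no token or it is within skewMs of its expiry time.
function isExpired(token, nowMs = Date.now(), skewMs = SKEW_MS) {
  return !token || nowMs >= token.expiresAt - skewMs;
}

// login() and refresh(refreshToken) are hypothetical caller-supplied functions
// that call the API with the app's own account and resolve to the JSON above.
function createTokenManager({ login, refresh, now = Date.now }) {
  let token = null;    // { accessToken, refreshToken, expiresAt }, server-side only
  let inFlight = null; // shared promise: concurrent requests trigger one renewal

  function store(res) {
    if (!res || typeof res.access_token !== 'string' || !Number.isFinite(res.expires_in)) {
      throw new Error('unexpected token response');
    }
    token = {
      accessToken: res.access_token,
      // Keep the old refresh token if the server did not send a new one.
      refreshToken: res.refresh_token || (token && token.refreshToken) || null,
      expiresAt: now() + res.expires_in * 1000, // absolute expiry, computed once
    };
    return token.accessToken;
  }

  async function renew() {
    if (token && token.refreshToken) {
      try {
        return store(await refresh(token.refreshToken));
      } catch (err) {
        token = null; // refresh token rejected or expired: log in again
      }
    }
    return store(await login());
  }

  async function getAccessToken() {
    if (!isExpired(token, now())) return token.accessToken;
    if (!inFlight) inFlight = renew().finally(() => { inFlight = null; });
    return inFlight;
  }

  return { getAccessToken };
}
```

Middleware then calls `await tokens.getAccessToken()` before each outbound API request; the token never needs to be placed in a user's session or sent to the browser.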
