
Node JS Theory - Implementing API V1


Worldofjimmy


Hi,

 

I would like to discuss best practice for implementing the API the correct way.

I have not been working with APIs before but I was thinking of this way to implement it.

 

Scenario one: someone enters the homepage.


 

Middleware  -  Check if a token is stored in the session, if not get a token.

Middleware  -  Check if the token is expired; if expired, refresh the token stored in the session.

If token stored in session and is not expired proceed with request.

 

 

Scenario two: a user checks the leaderboard.


 

Middleware  -  Check if a token is stored in the session, if not get a token.

Middleware  -  Check if the token is expired; if expired, refresh the token stored in the session.

If token stored in session and is not expired proceed with the request

 

 

For user authentication to log in on the website, do all the accounts need to have access to the API?

 

How would you implement it? 


You should never provide individual users with API access. Instead, your NodeJs app will have an API account, and it will use that to validate passwords as your users log in. Your app will then do its own permissions for each user so you can determine who can access what. Your NodeJs app would send any API calls that the users need for them.

 


On 9/14/2019 at 7:45 AM, jcsnider said:

You should never provide individual users with API access. Instead, your NodeJs app will have an API account, and it will use that to validate passwords as your users log in. Your app will then do its own permissions for each user so you can determine who can access what. Your NodeJs app would send any API calls that the users need for them.

 

 

Okay I understand. Use NodeJs app account for API.

 

So in theory - Login function

 

The user provides a username and password.

 

The API account takes the credentials and checks them with the API

https://docs.freemmorpgmaker.com/api/v1/endpoints/users.html#validate-password

 

Depending on the response, if the response is "Message" : "Password Correct"

Fetch the user's data and then redirect the user to his profile page.

 

 

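The arrangement discussed in this thread (one API account held by the Node app, the token check and refresh from the first post, and per-user permissions decided by the app) can be sketched as follows. This is an added example, not code from any poster or from the API's own project; `createApiAccount`, `requireRole`, `fakeApi`, the shape of the `api` transport, the role table and the 300-second token lifetime are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not from the thread or the API docs.
// `api` is the transport the real app would implement over HTTPS:
//   api.requestToken(creds)               -> { accessToken, expiresIn }  (seconds)
//   api.validatePassword(token, user, pw) -> boolean
function createApiAccount(api, creds, now = Date.now) {
  let token = null;   // kept in server memory only, never placed in a user's session
  let expiresAt = 0;
  let pending = null; // lets concurrent requests share one refresh call

  async function getToken() {
    // Refresh 30 s early so no request leaves with a token about to expire.
    if (token && now() < expiresAt - 30000) return token;
    if (!pending) {
      pending = api.requestToken(creds)
        .then((t) => {
          token = t.accessToken;
          expiresAt = now() + t.expiresIn * 1000;
          return token;
        })
        .finally(() => { pending = null; });
    }
    return pending;
  }

  // The app checks the password with ITS token, then issues its own session
  // data; `roles` (a Map) is the app's own permission table (an assumption).
  async function login(username, password, roles) {
    const ok = await api.validatePassword(await getToken(), username, password);
    if (!ok) return null; // one answer for "unknown user" and "wrong password"
    return { user: username, role: roles.get(username) || "player" };
  }
  return { getToken, login };
}

// Express-style middleware: authorization is decided by the app, per user.
function requireRole(role) {
  return (req, res, next) =>
    req.session && req.session.role === role ? next() : res.status(403).end();
}

// Constructed stand-in for the game API so the example runs offline.
function fakeApi(users) {
  const api = { tokenCalls: 0 };
  api.requestToken = async () =>
    ({ accessToken: "tok" + ++api.tokenCalls, expiresIn: 300 });
  api.validatePassword = async (tok, u, p) =>
    Boolean(tok) && typeof p === "string" && users[u] === p;
  return api;
}
```

The object returned by `login` is what would go into the user's session; it carries the app's own user name and role, and the API token never leaves `createApiAccount`.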
