Protect and proxy API endpoints with an easy-to-implement auth layer, free forever, using lolo
Have you ever come across an API that you wanted to protect with a token or a password, but were taken aback by the complexity of having to build a whole auth module around it? Today I will show you a simple way to achieve this with the help of a tool called lolo.
New tools are always exciting to work with, as they help solve our pain points relatively easily by making the whole process much faster. Today I am going to talk about one such tool that made protecting public APIs with auth super easy for me, and which we can extend to do more, like rate limiting, protecting secret keys and many more.
To demonstrate the capabilities of lolo, we will take a public API from JSONPlaceholder, specifically the posts endpoint, which can be publicly accessed, and we will protect it with an API token.
Setup
Lolo is in private beta, but you can apply for a sign-up code to receive access. Your first two apps are completely free (forever). You can do that on their homepage here. Once you receive a code and sign up, you will be taken to the dashboard where you can create apps. Here you can select the create app button to create a new application.
Let us now give our app a new name and a sample description to help us remember what our app does. Once you do that and click on next, you will be taken to the IDE lolo provides us where we can create our serverless functions.
Application
Let us now start creating our application. Lolo is structured so that you can create a set of reusable functions and reuse them across apps, which saves you time while building your application. It comes with a few prebuilt functions, which makes protecting our API a lot easier. To get started, we will use three functions, the first two of which come from Lolo:
1. LOLO/HTTP TRIGGER
2. LOLO/LOLO API AUTH
3. OUR FUNCTION (which we write)
You can find functions 1 and 2 in the sidebar of the IDE, and you can click on them to add them to the canvas. You can click on the New function button in the right corner to add our custom function, i.e. function 3, to the canvas as well.
We will first edit our HTTP TRIGGER to take HTTP GET requests and forward them to API AUTH, which checks that the token is present. If the token is present, it forwards the event to our new function, where we write the logic to handle it. API AUTH provides authentication out of the box, so we don’t have to build it ourselves. After adding the config and connecting all of these together, this is what they are going to look like:
Let us now configure our custom function. We will first rename it to something meaningful: double click on the function to go into the function code editor, click on settings in the top bar, and give the function a name and a meaningful description. We will then select ports on the left sidebar and click on the delete icon to remove the port, as we don’t need to forward this to any other function. We will then click on back to go back to the canvas, and this is how your functions should look:
The final step of the process is to actually write the code in the function to fetch the posts from the JSONPlaceholder API and return them as the response to our function call. We will use a popular library called Axios for this.
Double click on FETCH POSTS function and paste the below code into the editor —
For the final step, we will add axios as a dependency of our app in lolo so that it is installed during the deploy process of our application. To do that, we need to go into settings, choose modules from the right sidebar and add axios:
We can now finally save our function, give it a meaningful save message and click on run to run our API that is protected by a token. You will have to give it a minute or two to deploy our function, and our logs should look like this:
I will now show you how to get the endpoint and also how to create a token so you can successfully call the endpoint. To first get the external URL that you can call, you need to double click on HTTP trigger and select external URL from the right sidebar and you can copy your URL from there —
Now when we make an API call to the endpoint, we will receive a 401 unauthorised error like below —
We will now generate an access token from the UI so we can successfully authenticate and get the response from the JSONPlaceholder API. To do that, we need to go into the admin section, then API keys, and create an API key. Now copy the API key you just created; we need to pass it as a header with the key Lolo-Api-Key, and we will get a successful response.
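The behaviour described above (401 without a key, a proxied response with a valid Lolo-Api-Key header) can be modelled locally. This is an added example, not Lolo's implementation or code from the original post: the names gate, isAuthorized and extractApiKey, the sample key, the 405 for non-GET methods and the synchronous upstream stub are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Keep only SHA-256 digests of issued keys, never the keys themselves.
const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
// Constructed sample key for this example; a real key comes from the admin UI.
const SAMPLE_KEY = 'constructed-sample-key-123';
const ISSUED_KEY_DIGESTS = [sha256(SAMPLE_KEY)];

// HTTP header names are case-insensitive, so match on the lowercased name.
// A repeated header (array value) or an empty value is treated as missing.
function extractApiKey(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() !== 'lolo-api-key') continue;
    return typeof value === 'string' && value.length > 0 ? value : null;
  }
  return null;
}

// Hash the presented key and compare digests in constant time, checking
// every stored digest so timing does not reveal which entry matched.
function isAuthorized(headers, digests = ISSUED_KEY_DIGESTS) {
  const key = extractApiKey(headers);
  if (key === null) return false;
  const candidate = sha256(key);
  let ok = false;
  for (const digest of digests) {
    if (crypto.timingSafeEqual(candidate, digest)) ok = true;
  }
  return ok;
}

// Fail closed: the upstream call happens only after the key check passes,
// and the API key itself is never passed on to the upstream.
function gate(req, fetchUpstream) {
  if (req.method !== 'GET') return { status: 405, body: { error: 'Method Not Allowed' } };
  if (!isAuthorized(req.headers)) return { status: 401, body: { error: 'Unauthorized' } };
  return { status: 200, body: fetchUpstream() };
}

// Constructed stand-in for the JSONPlaceholder posts response.
const fakeUpstream = () => [{ userId: 1, id: 1, title: 'constructed post', body: '...' }];

console.log(gate({ method: 'GET', headers: {} }, fakeUpstream).status);
console.log(gate({ method: 'GET', headers: { 'Lolo-Api-Key': SAMPLE_KEY } }, fakeUpstream).status);
```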
That’s all. Our API is now protected without us having to build an auth module ourselves. You can further modify the code in the function to implement more functionality, like rate limiting, etc., and you can read through the lolo documentation to understand it better: https://docs.lolo.company