Protect and proxy API endpoints with an easy-to-implement auth layer, free forever, using lolo

Have you ever come across an API that you wanted to protect with a token or a password, but were taken aback by the complexity of having to build a whole auth module around it? Today I will show you a simple way to achieve this with the help of a tool called lolo.

Akash Raju M
6 min read · Apr 28, 2022

New tools are always exciting to work with, as they help solve our pain points relatively easily by making the whole process much faster. Today I am going to talk about one such tool that made protecting public APIs with auth super easy for me, and which we can extend to do more, such as rate limiting, protecting secret keys and much more.

Lolo Code is serverless, event-driven and cloud-agnostic.
Lolo Code is an Integration Function as a Service (iFaaS) platform that allows you to build cloud agnostic serverless applications and reusable functions in a Node.js environment with one-click multi-cloud deploy.

In order to demonstrate the capabilities of lolo, we will take a public API from JSONPlaceholder, specifically the posts endpoint, which can be publicly accessed and we will protect it with an API token.

Setup

Lolo is in private beta, but you can apply for a sign-up code to receive access. Your first two apps are completely free (forever). You can do that on their homepage here. Once you receive a code and sign up, you will be taken to the dashboard where you can create apps. Here you can select the create app button to create a new application.

Create a new app on Lolo Code IDE

Let us now give our app a new name and a sample description to help us remember what our app does. Once you do that and click on next, you will be taken to the IDE lolo provides us where we can create our serverless functions.

Give your app a name and description to help you remember what it does
Lolo IDE where we can create our serverless functions

Application

Let us now start creating our application. Lolo is structured so that you can create a set of reusable functions and reuse them across apps, which saves you time while building your application. It also comes with a few prebuilt functions, which make protecting our API a lot easier. To get started, we will use three functions in Lolo Code:

  1. LOLO/HTTP TRIGGER
  2. LOLO/LOLO API AUTH
  3. OUR FUNCTION (Which we write)

You can find functions 1. and 2. in the sidebar of the IDE, and you can click on them to add them to the canvas. Click on the New function button in the right corner to add our custom function, i.e. 3., to the canvas as well.

Add functions to the lolo IDE as discussed above

We will first edit our HTTP TRIGGER to take HTTP GET requests and forward them to API AUTH, which checks that the token is present. If the token is present, it forwards the event to our new function, where we write the logic to handle it. API AUTH provides authentication out of the box, so we don’t have to build it ourselves. After adding the config and connecting all of these together, this is what they are going to look like:

Configure HTTP TRIGGER and connect all the functions to each other

Let us now configure our custom function. We will first rename it to something meaningful: double click on the function to go into the function code editor, click on settings in the top bar, and give the function a name and a meaningful description. We will then select ports on the left sidebar, click on the delete icon and remove the port, as we don’t need to forward this to any other function. Finally, click on back to go back to the canvas, and this is how your functions should look:

Configure settings for our custom function and give it meaningful name and description

The final step of the process is to actually write the code in the function that calls the JSONPlaceholder API and returns the result as the response to our function call. We will make use of a popular library for this called Axios.

Double click on FETCH POSTS function and paste the below code into the editor —

And for the final step, we will add axios as a dependency of our app in lolo so that it gets installed during the deploy process of our application. To do that, we need to go into settings, choose modules from the right sidebar and add axios:

Add code to the function and add axios as an application module in lolo

We can now finally save our function, give it a meaningful save message, and then click on run to run our API that is protected by a token. You will have to give it a minute or two to deploy our function, and our logs should look like this:

Save your app, click on run and wait for the logs to display running on port 4000

I will now show you how to get the endpoint and also how to create a token so you can successfully call the endpoint. To first get the external URL that you can call, you need to double click on HTTP trigger and select external URL from the right sidebar and you can copy your URL from there —

Get external URL for posts in your application

Now when we make an API call to the endpoint, we will receive a 401 unauthorised error like below —

When we try to access our endpoint without an access token

We will now generate an access token from the UI so we can successfully authenticate and get the response from the JSONPlaceholder API. To do that, we need to go into the admin section, open API keys and create an API key. Now copy the API key you just created and pass it as a header with the key Lolo-Api-Key, and we will get a successful response.

Create an API key and make request to the API with the API key in headers
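
The kind of check a key-gated proxy has to perform before it forwards a request, sketched in plain Node.js as an added example (this is not Lolo's code and not code from the original post). The function names, the sample key, the header allowlist and the hard-coded JSONPlaceholder URL are assumptions made for the illustration.

```javascript
// Added example: key check in front of a fixed upstream (not Lolo's code).
const nodeCrypto = require("crypto");

// Upstream is fixed in code, never derived from the incoming request.
const UPSTREAM = "https://jsonplaceholder.typicode.com/posts";
const KEY_HEADER = "lolo-api-key"; // Node lowercases incoming header names

// Keep only SHA-256 digests of issued keys, not the keys themselves.
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s, "utf8").digest();
// Constructed sample key, for this example only.
const issuedKeyDigests = [sha256("sample-key-constructed-for-this-example")];

function isAuthorized(headers, digests = issuedKeyDigests) {
  const presented = headers[KEY_HEADER];
  // Missing, empty or non-string values are rejected outright.
  if (typeof presented !== "string" || presented.length === 0) return false;
  const candidate = sha256(presented);
  let ok = false;
  // Constant-time compare against every digest; no early exit on a match.
  for (const d of digests) {
    if (nodeCrypto.timingSafeEqual(candidate, d)) ok = true;
  }
  return ok;
}

// Decide what to do with a request: reject it, or forward it upstream.
function gate(req) {
  if (req.method !== "GET") return { forward: false, status: 405 };
  if (!isAuthorized(req.headers)) return { forward: false, status: 401 };
  // Forward an allowlist of headers only, so the gateway key is never
  // sent on to the third-party upstream.
  const headers = {};
  for (const name of ["accept", "accept-language"]) {
    if (typeof req.headers[name] === "string") headers[name] = req.headers[name];
  }
  return { forward: true, url: UPSTREAM, headers };
}
```

A caller would perform the actual upstream GET only when `gate()` returns `forward: true`, using the returned `url` and `headers`.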

That’s all, now our API is protected without us having to build an auth module ourselves. You can also further modify the code in the function to implement more functionality like rate limiting, etc., and you can read through the lolo documentation to understand it much better: https://docs.lolo.company
