Securing API calls

Photo by Micah Williams on Unsplash

Now that we have a fully functional API that allows you to register and log in, the next step is to put our authentication to good use by securing API calls.

There are a couple of ways we can use Cognito to authenticate callers into an API. A very popular way is to use Cognito as an Authorizer for REST APIs. …


Customising your User Comms

Photo by Adam Solomon on Unsplash

Recap

In the previous two posts, we talked about what Cognito is and about the registration process for users in your application using Cognito.

As usual, the source code I’ve been working on is hosted on my personal space on GitHub. Feel free to have a pull.

We are at the point now where we have built an API that allows people to register, confirm and log in with their users. However, when somebody creates an account, we’re still sending email messages using Cognito, and they don’t look like the most exciting messages ever!

This is how exciting our emails look at this point

Sending emails with SES

It’s time for a disclaimer: at this moment, I haven’t figured out a way to create a new SES account using CloudFormation, so we’ll have to live with a manual step here. If you want to learn how to verify an email address with SES, the folk at AWS have a very good article on how to do that. …


Recap

In the previous post, we talked about Cognito itself and managed to get a fully working User Pool with a client.

If you want to see the source code that I’ve been working with so far, you can find it on my GitHub account.

Part 2. The registration process.

To get started, we first need to quickly understand how Cognito deals with the registration flow. The following graph explains it pretty well, and we’ll go over a couple of important notes, but if you want more details, the docs will have most of the answers you’ll need.


In a nutshell, these are a couple of things to…
