Supporting Machine-to-Machine Security
Design and Build Great Web APIs — by Mike Amundsen (78 / 127)
Adding support for machine-to-machine (M2M) security to your API takes just a few steps. You need to add a few modules to your project that contain the functionality to communicate with OAuth providers and evaluate JWTs. You also need to modify your own API service interface to look for and process JWTs when they appear. Finally, you need to import the OAuth authentication parameters you collected from the third-party provider (see Collecting API Identity Parameters).
Company-Secure
INFORMATION
For the example in this chapter, I’ve forked the existing company sample API service to one named company-secure. I’ll show you excerpts from that example as we walk through the steps to secure a Node/Express API project. You’ll find a copy of the completed API project in the code folder associated with this chapter on the book’s web page at https://pragprog.com/titles/maapis/source_code.
Adding Security Modules to Your NodeJS Project
First, let’s add the following security modules to our NodeJS project. These will provide support for JSON Web Tokens (JWTs) and OAuth (Open Authorization):
- jsonwebtoken — NodeJS implementation of the JWT standard