Implementing API Security with Auth0

Design and Build Great Web APIs — by Mike Amundsen (77 / 127)

The Pragmatic Programmers

We’re going to use the Auth0 online platform for our API security. We’ll need to log in (or sign up) at the website, define our API in the Auth0 system, and collect key authentication parameters that we’ll need in order to access the secured API (for example, our access token). We’ll also learn how to validate access tokens with the JWT.io website.[86]

Once we have that taken care of, we can modify our API service to support secure connections, and then we can test that using the access token supplied by Auth0. But first, let’s log in to our security provider and define our secure API.

Logging In to Auth0

The first step in adding security to our API will be to log in to Auth0.[87] I like using Auth0 because you can start small and build up a more complex security profile as you need it. Your company may be using a different external service, or you may want to implement one of your own. The important thing here is to understand the key concepts so that you can translate them to your own environment.

If you already have an Auth0 account, just go to the home page and click the Login button. If you need to create an account, visit the Sign Up page to get started.[88]
