Introduction to REST API Authentication Methods

Hello devs! In this article, I’ll be discussing some common ways to authenticate your API as a way to protect your routes from users that shouldn’t access them.

Why should I protect my routes?

Certain routes such as your user’s profile page or the admin pages should be only accessible to that user or the admin himself respectively. Imagine being able to log into any user account on an app and see their private account data. That’s just terrifying!

Therefore, it is necessary to protect routes with the authentication and authorization methods for your Node.js REST APIs. For this article, I will be demonstrating authentication only but I may write about authorization in the future because that topic deserves its own article. Before we get into the authentication methods, I first

Authentication vs Authorization

First, let’s clarify some definitions: authentication and authorization. The table below is an easy-to-read overview of the differences between authentication and authorization. Please take your time to read and understand it before moving on.