
Node.js and Express Tutorial: Building and Securing RESTful APIs

#1

How to easily develop and build RESTful APIs with Node.js and Express, while securing them with Auth0. Build a demo that allows third-party clients to make requests to the API and manipulate resources.

Read on :green_heart:>> https://auth0.com/blog/node-js-and-express-tutorial-building-and-securing-restful-apis

1 Like
#2

Tell us what you think of this post.

#3

Is there a similar tutorial for restify? Specifically the auth part of it. Haven’t yet seen one for restify.

1 Like
#4

Great overview article on getting started. I’d like to see more on the Auth0 aspect of this process, such as managing access tokens for users accessing the API.

1 Like
#5

How to validate the actual third-party applications that are calling the API? Like API keys.

Only through logging in users? What about the actual application?

I want to verify that the third party apps accessing the API are part of a particular account, and respond with data from their account.

#6

Howdy, @johnxy84! I am working on some Node posts and I plan to cover Restify along with Express! Is there anything in particular you’d like to learn about Auth0, Node, and Restify?

Thank you for your feedback!

#7

Thanks for the feedback, @mietwise-storm! I’ll add it to my list of ideas on what to cover for the Node ecosystem :slight_smile:

Are there any other specific topics related to Node and Auth0 or Node in general that you’d like to see covered?

#8

Yes Dan. Basic Authentication for an API using restify

1 Like
#9

You got it, @johnxy84. Adding it to the pipeline :slight_smile:
I’ll ping you here when it’s live.

1 Like
#10

When I test the GitHub example, after getting my test token and sending any request other than GET (i.e. POST, PUT) with the Authorization header set to “Bearer {token}” (replacing {token} with the one on the test section of my API), the server says this:

SyntaxError: Unexpected token t in JSON at position 3
    at JSON.parse (<anonymous>)
    at parse (C:\Users\esteb\Desktop\auth0-express-master\node_modules\body-parser\lib\types\json.js:89:19)
    at C:\Users\esteb\Desktop\auth0-express-master\node_modules\body-parser\lib\read.js:121:18
    at invokeCallback (C:\Users\esteb\Desktop\auth0-express-master\node_modules\raw-body\index.js:224:16)
    at done (C:\Users\esteb\Desktop\auth0-express-master\node_modules\raw-body\index.js:213:7)
    at IncomingMessage.onEnd (C:\Users\esteb\Desktop\auth0-express-master\node_modules\raw-body\index.js:273:7)
    at IncomingMessage.emit (events.js:194:15)
    at endReadableNT (_stream_readable.js:1125:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

When I send a DELETE request to the ID created before starting the Express server, it returns the “Ad removed” response, but then I send a GET request to / and there is the ad (not deleted).

I was searching for a solution everywhere but couldn’t find it :confused:

#11

Ooooooook, the problem was a missing “” on title.
I was sending the JSON body as:
{
title: "Something"
}

And now that I’m sending:
{
"title": "something"
}

It’s working. I’m sorry, and thanks for the tutorial.

1 Like
#12

Welcome to the Auth0 Community, @estebi.r!
I am glad that everything worked out fine :slight_smile:

#13

Hi, @mietwise-storm. Somehow I missed the messages on this post.

What do you mean by “managing access tokens”? I mean, the API that the article teaches how to build just validates tokens that are embedded into requests (more specifically on the Authorization header). Fetching access tokens (and managing their lifecycle) would pretty much depend on what type of client you are developing to consume this API.

For example, if you were building a server-side rendered app with Next.js and React, you would use Passport to authenticate users and to fetch tokens. Then, inside this app, you would store access tokens and, if needed, refresh tokens.

Does that help? Or what have I missed?
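
The check described in the reply above, validating a token carried in the Authorization header, written with Node's built-in crypto module as an added example that is not part of the original thread or the tutorial's code. It assumes RS256-signed JWT access tokens; the issuer, audience, key pair and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed values standing in for a tenant's issuer URL and an API identifier.
const ISSUER = 'https://example-tenant.invalid/';
const AUDIENCE = 'https://ads-api.example';

// Constructed key pair: the private half plays the authorization server,
// the public half is what the API would normally load from the issuer's JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (v) => Buffer.from(v).toString('base64url');

// Helper for the demo only: mint a token the way the issuer would.
function signToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = header.alg === 'RS256'
    ? crypto.sign('RSA-SHA256', Buffer.from(input), privateKey)
    : Buffer.alloc(0); // unsigned token, used to exercise the alg check
  return `${input}.${sig.toString('base64url')}`;
}

// What the API does on every request. Returns { ok: true, claims }
// or { ok: false, error } so a route handler can answer 401.
function checkAuthorization(headerValue, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(headerValue || '');
  if (!m) return { ok: false, error: 'missing or malformed bearer token' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(m[1], 'base64url').toString());
    claims = JSON.parse(Buffer.from(m[2], 'base64url').toString());
  } catch {
    return { ok: false, error: 'undecodable token' };
  }
  // Pin the algorithm on the server; never let the token pick it.
  if (header.alg !== 'RS256') return { ok: false, error: 'unexpected alg' };
  const signed = Buffer.from(`${m[1]}.${m[2]}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(m[3], 'base64url'))) {
    return { ok: false, error: 'bad signature' };
  }
  // Claims are trusted only after the signature has verified.
  if (claims.iss !== ISSUER) return { ok: false, error: 'wrong issuer' };
  if (![].concat(claims.aud).includes(AUDIENCE)) return { ok: false, error: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, error: 'expired' };
  return { ok: true, claims };
}
```

The audience check is what ties a token to this particular API: a token issued by the same issuer for a different API fails it even though its signature is valid.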