6. Auth
Now we can move on to adding authentication for the API. You will have to modify the routes you already created in api/snippets.js.
Authentication
The token is used to authenticate certain requests by setting the Authorization header, like so:
Authorization: token xyz
The "xyz" part is the token value that you can look up and find in the users.token column.
Routes
See below for details about authentication and the response expectations.
POST /api/snippets
Authenticated access: if the user has provided a valid token, we go ahead and insert a new row into the snippets table.
Ideally you should try to validate the request and make sure it has:
- a non-empty title
- a non-empty contents
- is_private is optional
Invalid authentication: if the user has provided an invalid token or no token at all, we respond with a 403 Forbidden:
{
  "error": "Not authorized"
}
GET /api/snippets
Anonymous access: if there is no Authorization header, this should return all non-private snippets together with some information about the user. Example response:
Authenticated access: if the user has provided a valid token, we return all snippets belonging to that user. Example response:
Invalid authentication: if the user has provided an invalid token, we respond with a 403 Forbidden response:
GET /api/snippets/:id
This endpoint should just return the snippet with the given ID:
Invalid authentication: if the user has provided an invalid token, we respond with a 403 Forbidden response:
Not found: we respond with a 404 if the snippet with the given ID cannot be found.
It is left as an optional exercise to add the following routes:
- PUT /api/snippets/:id to update a snippet
- DELETE /api/snippets/:id to delete a snippet
Also, it could be a good idea to deny the request if the user making the request is not confirmed.