Showing posts from February, 2017

Secure your Node/Express REST APIs using Passport JS

Recently I have been involved in various discussions on how to make REST APIs as secure as SOAP. Let me start with a very basic statement about security: it doesn't depend on your web service type, be it REST or SOAP; your design decisions determine whether your services can be made secure or not. In this example blog, I will use the "Micro CRUD services for Oracle Database Cloud" APIs and implement (read: attach) Passport's "local" authentication strategy to make them secure.

Code in Github: LeasifyAPIs with Passport

What is Passport JS? (from Documentation)

Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. When writing modules, encapsulation is a virtue, so Passport delegates all other functionality to the application. This separation of concerns keeps code clean and maintainable, and makes Passport extremely easy to integrate into an application.

What are "strateg