arusha-coders-api

API to accompany the 'Securing your (RESTful) API' presentation

Intro

This is a simple API that lets you create a user account and view user info using either Basic or JSON Web Token (JWT) authentication.

Usage

Demo Server

cURL

create a user

# request
curl --data-urlencode "name=First Last" \
     -d "email=user@email.com" \
     -d "password=password" \
     -d "confirmPassword=password" \
     http://arusha-coders-api.herokuapp.com/user

# response
{
    "source": "signup",
    "objects": {
        "email": "user@email.com",
        "jwt": "eyJ0eXAi...",
        "exp": "DD/MM/YYYY"
    }
}

get user info via Basic Authentication

# request
curl -H 'Content-Type: application/json' \
    -u 'user@email.com:password' \
    http://arusha-coders-api.herokuapp.com/user

# response
{
    "objects": {
        "user": {
            "_id": "554d...",
            "password": "$2$10$...",
            "lastName": "Last",
            "firstName": "First",
            "email": "user@email.com",
            "__v": 0,
            "isVerified": false
        }
    }
}

get user info via JWT Bearer Token Authentication

# request
curl -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer replace_with_your_jwt' \
    http://arusha-coders-api.herokuapp.com/user

# response
{
    "objects": {
        "user": {
            "_id": "554d...",
            "password": "$2$10$...",
            "lastName": "Last",
            "firstName": "First",
            "email": "user@email.com",
            "__v": 0,
            "isVerified": false
        }
    }
}

create another JWT

# request
curl -X POST \
    -H 'Content-Type: application/json' \
    -u 'user@email.com:password' \
    http://arusha-coders-api.herokuapp.com/token

# response
{"objects": {"result": {"jwt": "eyJ0e...", "exp": "DD/MM/YYYY"}}}

Python

initialize

# init requirements
import requests

# set api endpoint
base = 'http://arusha-coders-api.herokuapp.com'

create a user

# request
name, username, password = 'First Last', 'user@email.com', 'password'
data = {'name': name, 'email': username, 'password': password, 'confirmPassword': password}
r = requests.post(base + '/user', data=data)

# response
r.json()
# same as cURL above

get user info via Basic Authentication

# extract JWT
jwt = r.json()['objects']['jwt']

# request
auth = (username, password)
r = requests.get(base + '/user', auth=auth)

# response
r.json()
# same as cURL above

get user info via JWT Bearer Token Authentication

# request
headers = {'Authorization': 'Bearer %s' % jwt}
r = requests.get(base + '/user', headers=headers)

# response
r.json()
# same as cURL above

create another JWT

# request
r = requests.post(base + '/token', auth=auth)

# response
r.json()
# same as cURL above
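
inspect what each Authorization header exposes (added example, not part of the original project)

This added example decodes the two header styles used above to show what is readable from the header value alone: Basic yields the email and password, and a JWT yields its header and claims. Decoding does not verify the token's signature, which only the holder of the signing secret can do. The sample token, its `sub` claim, the numeric `exp` claim and the `demo-secret` key are constructed for illustration and are assumptions about the token layout.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(part):
    # JWT segments are base64url with the padding stripped; restore it first
    return base64.urlsafe_b64decode(part + '=' * (-len(part) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b'=').decode()


def make_sample_jwt(claims, secret):
    # Constructed HS256 token standing in for the "jwt" value the API returns
    head = b64url_encode(json.dumps({'typ': 'JWT', 'alg': 'HS256'}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, ('%s.%s' % (head, body)).encode(), hashlib.sha256)
    return '%s.%s.%s' % (head, body, b64url_encode(mac.digest()))


def inspect_authorization(value, now=None):
    """Return what anyone holding the header value can read, with no key."""
    scheme, _, credentials = value.partition(' ')
    if scheme.lower() == 'basic':
        # Basic is base64("user:password"); the password may itself contain ':'
        user, _, password = base64.b64decode(credentials).decode().partition(':')
        return {'scheme': 'basic', 'username': user, 'password': password}
    if scheme.lower() == 'bearer':
        parts = credentials.split('.')
        if len(parts) != 3:
            raise ValueError('not a compact JWS: expected 3 dot-separated parts')
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        exp = claims.get('exp')  # assumed numeric (seconds since epoch)
        now = time.time() if now is None else now
        return {'scheme': 'bearer', 'alg': header.get('alg'), 'claims': claims,
                'expired': exp is not None and exp <= now}
    raise ValueError('unsupported scheme: %r' % scheme)


if __name__ == '__main__':
    basic = 'Basic ' + base64.b64encode(b'user@email.com:password').decode()
    token = make_sample_jwt({'sub': 'user@email.com', 'exp': 2000000000}, b'demo-secret')
    print(inspect_authorization(basic))
    print(inspect_authorization('Bearer ' + token))
```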

Local Server

git clone https://github.com/reubano/arusha-coders-api.git
npm install
npm start

cURL

create a user

# request
curl --data-urlencode "name=First Last" \
     -d "email=user@email.com" \
     -d "password=password" \
     -d "confirmPassword=password" \
     http://127.0.0.1:3333/user

get user info via Basic Authentication

# request
curl -H 'Content-Type: application/json' \
    -u 'user@email.com:password' \
    http://127.0.0.1:3333/user

get user info via JWT Bearer Token Authentication

# request
curl -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer replace_with_your_jwt' \
    http://127.0.0.1:3333/user

create another JWT

# request
curl -X POST \
    -H 'Content-Type: application/json' \
    -u 'user@email.com:password' \
    http://127.0.0.1:3333/token

Python

# init requirements
import requests

# set api endpoint
base = 'http://localhost:3333'

# continue directions from above

License

This code is free to use and distribute, under the MIT license.
