Your rate limiter grows in functionality. You already built an IP-based rate limiting that is configurable for each route. The route limits let you configure an individual rate limit for a route that differs from the server’s default rate limit. Another aspect of rate limiting is dynamic rate limiting. …
Continue Reading
In the first tutorial, you built an IP based rate limiter. The rate limiter stores the client-related details in Redis. Your setup includes the configuration for global rate limits that apply to each incoming request. In this tutorial, you’ll implement the logic to support individual rate limits for each …
Continue Reading
Security is an essential part of your API. It’s your interest to not expose any sensitive user data to the Internet. You’re already hashing the user passwords and store them in an encrypted JWT. Another step in protecting your API endpoints is to secure them against brute-force attacks. …
Continue Reading
Building an API requires a lot more stability than web applications. You can’t simply change the endpoint contract. Clients consume your API and expect the data to be in a specific format. For web applications, you’re most likely in charge of the web views and can adjust view …
Continue Reading
Building a sophisticated API affects both views: the view as a consumer and as a developer. Testing API endpoints needs more than unit or integration tests. The API documentation is a good starting point but limits yourself to the API surface. Imagine the flow to check the response for an …
Continue Reading
In the previous tutorial, you implemented JWT authentication and required the related jwt strategy on API endpoints. This change affects your Swagger API documentation because users can’t simply run requests against the endpoints from within the Swagger UI anymore. In this tutorial, you’ll configure Swagger to support API …
Continue Reading
The previous tutorial laid the foundation for API authentication with username and password. You created a dedicated API authentication plugin which registers login route to authenticate with username and password to the hapi API server. A successful login generated an API authentication token which should be used for API requests. …
Continue Reading
Building an API usually involves user accounts and personal data. Users should see their personalized dashboard or newsfeed. This requires API endpoints that identify the requesting user. The most straightforward approach: API endpoints that require authentication. The login with username and password is the first part of API authentication. The …
Continue ReadingFind interesting tutorials and solutions for your problems.