API to accompany the 'Securing your (RESTful) API' presentation
This is a simple API that lets you create a user account and test view user info using basic or JSON Web Token (JWT) authentication.
create a user
# request
curl -d "name='First Last'" \
-d "email=user@email.com" \
-d "password=password" \
-d "confirmPassword=password" \
http://arusha-coders-api.herokuapp.com/user
# response
{
"source": "signup",
"objects": {
"email": "user@email.com",
"jwt": "eyJ0eXAi...",
"exp": "DD/MM/YYYY"
}
}get user info via Basic Authentication
# request
curl -H 'Content-Type: application/json' \
-u 'user@email.com:password' \
http://arusha-coders-api.herokuapp.com/user
# response
{
"objects": {
"user": {
"_id": "554d...",
"password": "$2$10$...",
"lastName": "Last",
"firstName": "First",
"email": "user@email.com",
"__v": 0,
"isVerified": false
}
}
}get user info via JWT Bearer Token Authentication
# request
curl -H 'Content-Type: application/json' \
-H 'Authorization: Bearer replace_with_your_jwt' \
http://arusha-coders-api.herokuapp.com/user
# response
{
"objects": {
"user": {
"_id": "554d...",
"password": "$2$10$...",
"lastName": "Last",
"firstName": "First",
"email": "user@email.com",
"__v": 0,
"isVerified": false
}
}
}create another JWT
# request
curl -X POST \
-H 'Content-Type: application/json' \
-u 'user@email.com:password' \
http://arusha-coders-api.herokuapp.com/token
# response
{"objects": {"result": {"jwt": "eyJ0e...", "exp": "DD/MM/YYYY"}}}initialize
# init requirements
import requests
# set api endpoint
base = 'http://arusha-coders-api.herokuapp.com'create a user
# request
name, username, password = 'First Last', 'user@email.com', 'password'
data = {'name': name, 'email': username, 'password': password, 'confirmPassword': password}
r = requests.post(base + '/user', data=data)
# response
r.json()
# same as cURL aboveget user info via Basic Authentication
# extract JWT
jwt = r.json()['objects']['jwt']
# request
auth = (username, password)
r = requests.get(base + '/user', auth=auth)
# response
r.json()
# same as cURL aboveget user info via JWT Bearer Token Authentication
# request
headers = {'Authorization': 'Bearer %s' % jwt}
r = requests.get(base + '/user', headers=headers)
# response
r.json()
# same as cURL abovecreate another JWT
# request
r = requests.post(base + '/token', auth=auth)
# response
r.json()
# same as cURL abovegit clone https://github.com/reubano/arusha-coders-api.git
npm install
npm start
create a user
# request
curl -d "name='First Last'" \
-d "email=user@email.com" \
-d "password=password" \
-d "confirmPassword=password" \
http://127.0.0.1:3333/userget user info via Basic Authentication
# request
curl -H 'Content-Type: application/json' \
-u 'user@email.com:password' \
http://127.0.0.1:3333/userget user info via JWT Bearer Token Authentication
# request
curl -H 'Content-Type: application/json' \
-H 'Authorization: Bearer replace_with_your_jwt' \
http://127.0.0.1:3333/usercreate another JWT
# request
curl -X POST \
-H 'Content-Type: application/json' \
-u 'user@email.com:password' \
http://127.0.0.1:3333/token# init requirements
import requests
# set api endpoint
base = 'http://localhost:3333'
# continue directions from aboveThis code is free to use and distribute, under the MIT license.