In this post we are going to secure our Node.js APIs with a customized security token generated from the logged-in user and the HTTP action.
How it Works:
Let’s take a quick look at how it is going to work.
- Generate a customized token for each HTTP request.
- Pass it in the request header (x-access-token).
- The server extracts the token from each request.
- The server verifies the custom token by regenerating it.
- If the tokens match, the system checks the user's permission in the database.
- Otherwise, the system responds with a status code of 403/404.
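
The steps above, sketched as an added example (not the code from this post). It assumes the token is an HMAC-SHA256 over the user id, HTTP method and path, keyed with a per-session secret issued at login; the names makeToken, authorize, SESSION_KEYS and PERMISSIONS are hypothetical, and the two Maps stand in for the database.

```javascript
const crypto = require('crypto');

// Constructed sample data standing in for the database (assumption).
const SESSION_KEYS = new Map([['alice', 'k-alice-constructed'],
                              ['bob', 'k-bob-constructed']]);
const PERMISSIONS = new Map([['alice', ['GET', 'POST']],
                             ['bob', ['GET']]]);

// Assumed token format: "<userId>.<hex HMAC-SHA256(key, userId:METHOD:path)>".
// The user id must not contain "." or ":" for this encoding to be unambiguous.
function makeToken(userId, sessionKey, method, path) {
  const mac = crypto.createHmac('sha256', sessionKey)
    .update(`${userId}:${method.toUpperCase()}:${path}`)
    .digest('hex');
  return `${userId}.${mac}`;
}

// Returns the HTTP status the server would send (403 used for every refusal).
function authorize(req) {
  // Step 3: extract the token from the request header.
  const token = req.headers['x-access-token'];
  if (typeof token !== 'string') return 403;
  const userId = token.split('.')[0];
  const key = SESSION_KEYS.get(userId);
  if (!key) return 403;

  // Step 4: regenerate the token from what the server actually received.
  const expected = Buffer.from(makeToken(userId, key, req.method, req.url));
  const received = Buffer.from(token);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (received.length !== expected.length ||
      !crypto.timingSafeEqual(received, expected)) return 403;

  // Step 5: token matches, now check the user's permission.
  const allowed = PERMISSIONS.get(userId) || [];
  return allowed.includes(req.method.toUpperCase()) ? 200 : 403;
}
```

Because the inputs in this sketch carry no timestamp or nonce, a given user, method and path always produce the same token, so a captured header stays valid for repeats of that request until the session key changes.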