We'll use curl
and $.ajax
with html forms to sign up, sign in, and sign out
of an API.
We'll also change our passwords.
The API uses Token authentication and we'll see how to make authenticated
request (sign out and change password).
By the end of this, students should be able to:
- Use
curl
to access an authenticated API. - Use
$.ajax
to access an authenticated API.
Fork, clone, branch, and npm install.
Web APIs often require some sort of authentication. The game API requires users to register and then login to gain an authentication token.
We'll use curl
, httpbin.org
, and jQuery.ajax
to explore HTTP further.
The we'l connect to an authenticated API, library-api.
The operations we'll perform:
verb | path | parameters |
---|---|---|
POST | /sign-up |
credentials containing email , password , password_confirmation |
POST | /sign-in |
credentials containing email and password (response contains auth data) |
PATCH | /change-password/:id |
passwords containing old and new (requires Authorization header) |
DELETE | /sign-out/:id |
None (requires Authorization header) |
First we'll test our command against an echo server to make sure we're sending the right data. There's no need to use an actual e-mail address and don't use anything you might want to actually use as a password.
We'll use scripts/sign-up[-json].sh
to run curl, first sending JSON then
sending data the way the browser does by default.
We'll see how the server treats both ways of sending data (it's all just
strings) in a similar way.
If we left out the --include
flag we wouldn't see the response header.
What's the benefit of using an echo server?
Next we'll want to actually register with the API.
We'll modify scripts/sign-up[-json].sh
to connect to the library-api
.
Now let's put code into assests/scripts/auth/*
to get another "e-mail"
address registered with the API. We'll again start with the echo server.
We'll use scripts/sign-in-json.sh
.
Now with url encoded data in scripts/sign-in.sh
.
Add a form to index.html
and code to assets/scripts/auth/*
to login to
the API.
You may want to start by using the echo service to check your request.
What should we do with the data returned by the API?
We'll use scripts/change-password[-json].sh
to change a password.
After that we'll verify that we can no longer authenticate using the old
password.
Add a change password form to index.html
and code to
assets/scripts/auth/*
to change the password.
Signing out invalidates the the current token.
We'll use scripts/sign-out.sh
to sign out of the API.
We'll verify that the token we used is no longer valid.
Add a sign out form to index.html
and code to assets/scripts/auth/*
to
sign out of the API.
Developers should run these often!
grunt nag
or justgrunt
: runs code quality analysis tools on your code and complainsgrunt reformat
: reformats all your code in a standard stylegrunt serve
: generates bundles, watches, and livereloadsgrunt test
: runs any automated tests, depends ongrunt build
grunt build
: place bundled styles and scripts whereindex.html
can find them
Source code distributed under the MIT license. Text and other assets copyright General Assembly, Inc., all rights reserved.