/rails_api_with_jwt

Creating RestApi with secured manner

Primary LanguageRuby

To Do

  1. Prerequisite
  2. Create an Open API
  3. Test API using CURL
  4. Add authentication in API

Tables Involved

user user_educations user_workplaces friends pictures status videos comments

Prerequisite

  1. Install Ruby 2.7.0
  2. Install Rails 6.0.4

Create an Open API

 rails new test_api --api

Test API using CURL

CURL - client URL Request. It is CLI tool to receiving data from URL

-X - It denotes HTTP verb -H - It will denote Header (Content-Type: appication/json)

curl -X GET http://0.0.0.0:3000/users/1
curl -X POST -d "user[name]=honesttest&user[password]=iiiiii" http://0.0.0.0:3000/users
curl -X PUT -d "user[name]=honesttest&user[password]=iiiiii" http://0.0.0.0:3000/users/1
curl -X DELETE http://0.0.0.0:3000/users/10

Add authentication in API

  1. HTTP Basic Authentication http_basic_authenticate_with name: "me", password: "@home" - Use at controller

  2. Authenticate with Username and password

     SHA1(digest/sha1) and bcrypt algorithms for Encryption

  3. Authentication as a Service (AZURE and AWS providing IAM) Authentication handed over trusted third party like FB, Google and so on. It will happen via OAuth

  4. Token Authentication - JWT(Json Web token)

  5. CSRF Token Authentication - It will avoid CSRF attack from hacker

  6. LDAP Authentication (Light Directory Access Protocol) -> This is suitable for database will store authentication information

RAILS API with JWT Token

  1. Add Below Gems

    gem 'rack-cors' # It prevents api call from unknown origin .Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
gem 'bcrypt' # Hasing the password for user. (Encryption Library) Use Active Model has_secure_password
gem 'jwt'