We'll use `curl` and `$.ajax` with HTML forms to sign up, sign in, and sign out of an API. We'll also change our passwords. The API uses Token authentication and we'll see how to make authenticated requests (sign out and change password).
By the end of this, students should be able to:
- Use `curl` to exercise an authenticated API
- Use `$.ajax` to connect to an authenticated API
Fork, clone, branch, and npm install.
Web APIs often require some sort of authentication. The game API requires users to register and then log in to gain an authentication token.
We'll use `curl`, `httpbin.org`, and `jQuery.ajax` to connect to an authenticated API running on my laptop.
The operations we'll perform:
verb | path | parameters |
---|---|---|
POST | `/sign-up` | `credentials` containing `email` and `password` |
POST | `/sign-in` | `credentials` containing `email` and `password` (response contains auth data) |
PATCH | `/change-password/:id` | `password` containing `old` and `new` (requires Authorization header) |
DELETE | `/sign-out/:id` | None (requires Authorization header) |
First we'll test our command against an echo server to make sure we're sending the right data. There's no need to use an actual e-mail address and don't use anything you might want to actually use as a password.
We'll use `api-test/sign-up` to run curl, first sending JSON then sending data the way the browser does. We'll see how the server treats both ways of sending data (it's all just strings) in the same way.
If we left out the `--include` flag we wouldn't see the response header. What's the benefit of using an echo server?
Next we'll want to actually register with the API.
We'll modify `api-test/sign-up` to connect to the server running on my laptop.
Now let's use the code in `assets/scripts/example.js` to get another "e-mail" address registered with the API. We'll again start with the echo server.
We'll use `api-test/sign-in` using JSON.
Now with URL-encoded data.
Add a form to `index.html` and code to `assets/scripts/example.js` to log in to the API. You may want to start by using the echo service to check your request.
What should we do with the data returned by the API?
We'll use `api-test/change-password` to change a password. After that we'll verify that we can no longer authenticate using the old password.
Add a change password form to `index.html` and code to `assets/scripts/example.js` to change the password.
Signing out invalidates the current token.
We'll use `api-test/sign-out` to sign out of the API. We'll verify that the token we used is no longer valid.
Add a sign out form to `index.html` and code to `assets/scripts/example.js` to sign out of the API.
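The token lifecycle described above (sign in, change the password, sign out), as an added example that is not part of the course repository: a Node.js in-memory stand-in for the four routes in the operations table. The `Token token=<value>` header format, the status codes, the response body shape and the `walkthrough` helper are assumptions.

```javascript
const crypto = require('crypto');
const users = new Map(); // email -> { id, salt, hash, token }
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32).toString('hex');
const bytes = (s) => Buffer.from(String(s), 'utf8');
const same = (a, b) => bytes(a).length === bytes(b).length && crypto.timingSafeEqual(bytes(a), bytes(b));

// In-memory stand-in for the table's four routes; status codes and body shape are assumed.
function api(verb, path, { headers, data } = {}) {
  const [, route, id] = path.split('/');
  if (verb === 'POST' && route === 'sign-up') {
    const { email, password } = data.credentials;
    if (users.has(email)) return { status: 400 };
    const salt = crypto.randomBytes(16).toString('hex');
    users.set(email, { id: users.size + 1, salt, hash: hashPw(password, salt), token: null });
    return { status: 201 };
  }
  if (verb === 'POST' && route === 'sign-in') {
    const { email, password } = data.credentials;
    const user = users.get(email);
    if (!user || !same(user.hash, hashPw(password, user.salt))) return { status: 401 };
    user.token = crypto.randomBytes(16).toString('hex'); // fresh token on each sign-in
    return { status: 200, body: { user: { id: user.id, email, token: user.token } } };
  }
  // Remaining routes need a valid token; "Token token=<value>" is an assumed header format.
  const m = /^Token token=(.+)$/.exec((headers || {}).Authorization || '');
  const user = [...users.values()].find((u) => String(u.id) === id);
  if (!m || !user || !user.token || !same(user.token, m[1])) return { status: 401 };
  if (verb === 'PATCH' && route === 'change-password') {
    if (!same(user.hash, hashPw(data.password.old, user.salt))) return { status: 400 };
    user.hash = hashPw(data.password.new, user.salt);
    return { status: 204 };
  }
  if (verb === 'DELETE' && route === 'sign-out') { user.token = null; return { status: 204 }; }
  return { status: 404 };
}

// Walk the page's sequence with constructed credentials; returns the four status codes.
function walkthrough() {
  users.clear();
  const creds = (password) => ({ data: { credentials: { email: 'an@example.email', password } } });
  api('POST', '/sign-up', creds('old pw'));
  const { id, token } = api('POST', '/sign-in', creds('old pw')).body.user;
  const auth = { headers: { Authorization: `Token token=${token}` } };
  const data = { password: { old: 'old pw', new: 'new pw' } };
  return [
    api('PATCH', `/change-password/${id}`, { ...auth, data }), api('POST', '/sign-in', creds('old pw')),
    api('DELETE', `/sign-out/${id}`, auth), api('DELETE', `/sign-out/${id}`, auth),
  ].map((r) => r.status);
}
console.log(walkthrough());
```

The four codes are, in order: the password change, a sign-in with the old password, the sign-out, and a second request that reuses the signed-out token.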
Developers should run these often!
- `grunt nag` or just `grunt`: runs code quality analysis tools on your code and complains
- `grunt reformat`: reformats all your code in a standard style
- `grunt serve`: generates bundles, watches, and livereloads
- `grunt test`: runs any automated tests, depends on `grunt build`
- `grunt build`: place bundled styles and scripts where `index.html` can find them
Source code distributed under the MIT license. Text and other assets copyright General Assembly, Inc., all rights reserved.