Ervadac

Reputation: 956

Create an account through a REST api

I'd like to create a secure API in node.js for my mobile app. Basically I would like users to be able to create their account through the app (with email and password), so I'm wondering what would be the right way. I imagine something like this:

curl -d '{"email":"hello@world", "password":"1234"}' -H "Content-Type: application/json" -X POST https://myapi/users

So the server would reply with the newly created user and the usual OAuth tokens to authenticate the next requests, like so:

{
   "id": "1234455656",
   "email": "hello@world",
   "auth_token": "my_auth_token",
   "refresh_token": "my_refresh_token"
}

It just doesn't feel like the most secure way to do it, as anyone could create a user even without the app, and I'm wondering if this is how apps usually deal with this. Maybe there's even something better than Express to do this well.

Upvotes: 0

Views: 297

Answers (1)

JBaczuk

Reputation: 14629

Don't you want anyone to be able to create an account?

Here are a few ideas:

To prevent users from creating accounts without the app, require an API key with the signup request (in a header, for example) that is bundled with the app build.

You should also require users to verify their email addresses, and you could clean out user accounts which have not verified their email address after a period of time.

Upvotes: 2
