days
-2
-6
hours
-1
-9
minutes
-2
-6
seconds
0
-3
A new route to API development

Find your own path to develop REST APIs for Node.js with Footing

Jane Elizabeth
Footing
© Shutterstock / VLADYSLAV DANILIN

Looking for a stable foundation to develop REST APIs with Express and Node.js? Introducing Footing, a new project designed to help developers build secure APIs with minimal setup. Find your own route while keeping your project secure.

Forge your own path and find your own route to REST APIs! Thanks to the all-new Footing, developers have a stable foundation for creating the APIs of their dreams with minimal setup. Security isn’t an afterthought, but built straight into the foundation.

Footing provides developers with the opportunity to choose their own routes, whether they want to go public, private, or under CSRF protecting. However, the main goal is to let developers create REST APIs without going to the trouble of implementing an authentication system.

    Serverless Architecture Whitepaper

    LIVING IN A POST-CONTAINER WORLD
    Free: Brand new Serverless Architecture Whitepaper

    Stay on top of the latest trends with the help of our Serverless Architecture Whitepaper. Get deep insights on serverless platforms, cloud-native architecture, cloud services, the Kubernetes ecosystem (Knative, Istio etc.) and much more!

So, what does Footing have to offer? It comes out of the box with a number of environmental variables for an easy set up. Security-wise, the built-in authentication system comes with CSRF protection and SQL injection protection. Developers can designate their routes as private or public. Plus, there are even integration tests for predefined routes.

Footing’s authentication system is fairly robust. Private routes require a Bearer token in the request’s authentication header. After a successful login, the authentication token is stored as a cookie and returned as a JSON response. The token is a JWT with a unique ID stored in the user’s session. Footing’s authentication system protects its routes by verifying the tokens against the authentication header and the secret stored in the user’s session.

This is regenerated every session and the CSRF token is returned. The CSRF token used to make the login request is no longer valid.

It’s also important to note that Footing does not come with email verification or password restrictions for authentication. Nor is there XSS protection for data sanitization or SQL Injection prevention for routes independently created by the developer.

SEE ALSO: What can serverless do for Node.js developers?

Find your Footing

Want a stable foundation for your own APIs? Footing is freely available on GitHub. However, there are some requirements before you start blazing your own path. You’ll need a MySQL database for application data, a MongoDB database for managing sessions, and Node.js v8.11.1+. (Although you really ought to be using Node.js v10.15.1.) It’s also a good idea to have npm for the installation process.

Author
Jane Elizabeth
Jane Elizabeth is an assistant editor for JAXenter.com.

Leave a Reply

Your email address will not be published.