Node.js client api key

Question

I have a node.js backend for an ios app that will provide json data to the app. I want to handle client authentication for each app. The users do not need to create an account. I only want to identify the client apps when providing data and save some data for each client on the node server.

1. How do I handle identifying each app on the server?
2. If I need to create an API key, how do I handle that?
3. If there is a way to authenticate the app when the app first accesses the API, how can I create a unique identifier for the app?
4. Last, what do I need to know before I deploy the node server? Can I get away by just pointing a domain to my router, opening a port and serving the api from there or is it a must to have a web server setup to handle that?

Thank you

Answer 1

You can basically find a lot of blogs posts to get best practices to follow when designing an api. But here is an over all idea

1. You can create a client key and send it on every api request or add as part of url

   Example: api.example.com/v1/users?client=android&version=1.1

2. Use Middileware. You can either name as to your convenience or have a database to store key value to manage your clients. Example:

   Create a Middleware which does the handling of authentication and API key checker before you forward it to the routes.

   android => 0, ios => 1, web => 2

   url: api.example.com/v1/users?client=0&version=1.1

3. There are many ways to create api keys. Here are some of them

   UUID - https://www.npmjs.com/package/uuid

   Json web token - https://github.com/auth0/node-jsonwebtoken

   Oauth - https://github.com/ciaranj/node-oauth

4. Again, You have a lot of online posts explaining best practices to follow in production. If express.js, You can find best practices to follow here Express Production

This is just an overview. I request you to do a lot of research online and ask a relative more concrete problems you face towards your learning.