Blogging API v1

The Blogging API lets developers work with user authentication, secured login routes, and blog posts: creating, updating, deleting and viewing them. It is designed to admit only authorized users, who present an auth-token that expires in 1hr. Passwords are hashed with bcrypt and all routes are protected. The Blogging API uses HTTP POST requests with JSON arguments and JSON responses. The routes can be tested using Postman.

API STRUCTURE

  • GET / (unprotected) ===> Home route to display Blog home content.

  • GET /login (protected) ===> Authenticate new user with JWT (Use of SSO to be updated).

  • GET /logout (unprotected) ===> Logout a user.

Blog API (Post Routes)

  • GET /api/v1/posts (protected) ===> Return all posts.

  • POST /api/v1/posts (protected) ===> Add a post to the db.

  • PUT /api/v1/posts/:id (protected) ===> Update a post.

  • DELETE /api/v1/posts/:id (protected) ===> Delete post by ID.

  • GET /api/v1/posts/:id (protected) ===> Get post by unique ID.

Other Middlewares used:

  • Rate Limiting: helps protect API from malicious attacks and controls unwanted requests from users.

  • Security Middleware: helps protect user's data.

  • Good Logging: proper logs to identify errors in any part of the application.

  • Validation: ensures that user inputs are clean, correct and useful.

Dependencies used:

  • express: node.js framework for building the API.

  • body-parser: npm package used to process data sent in an HTTP request body.

  • nodemon: npm package that helps us run the application without restarting the server anytime a change is made.

  • dotenv: loads environment variables from a .env file and adds them to the process.env object.

  • joi: helps specify the order in which request inputs are validated.

  • JWT: is a module that provides express middleware for validating JSON Web Tokens (JWTs) through the jsonwebtoken module.

To start the server locally on PORT: 4000

  • run npm run dev

GitHub repository for reference and guide

Routes can be tested using:

  • Postman

  • Hosted link

User Route:

Register User

Here the user signs up on the blogging app with personal details through the route below. A POST method is used to send the user details.

  • Route: /api/v1/users/register

  • Method: POST

  • Body:

{
     "firstName":"Joseph",
     "lastName":"Example",
     "email":"joeexample@gmail.com",
     "password":"joe123456"
}

(firstName and lastName should not be less than 6 characters)

  • responses

Success

{
   "message": "Register successful",
   "user": {
        "firstName":"Joseph",
        "lastName":"Example",
        "email":"joeexample@gmail.com",
        "password":"joe123456"
   }
}

Login User

Here the user logs into the blogging app with personal details through the route below. A POST method is used to send the user details, which are validated through the auth-token for the user to have access to the home page.

  • Route: /api/v1/users/login

  • Method: POST

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

  • Body:

{
  "email":"joeexample@gmail.com",
  "password":"joe123456"
}

(login details must be the same as the registered details)

  • responses

Success

An authentication token will be given to you, which you'll supply in the Header as you go on.

Note: the token is updated after 1hr.
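
The auth-token check that the protected routes depend on, as an added example that is not code from this write-up or its repository: it issues and verifies an HS256 JWT with the 1hr lifetime, using Node's built-in crypto module in place of the jsonwebtoken package so that it runs without dependencies. The function names, the sub/iat/exp claim layout and the shape of the returned object are assumptions.

```javascript
// Added example (not the project's code): HS256 auth-token handling with
// Node's built-in crypto standing in for the jsonwebtoken package.
const crypto = require('crypto');

const TOKEN_TTL_SECONDS = 60 * 60; // the 1hr lifetime the API documents

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');
const deny = (error) => ({ ok: false, status: 401, error });

// Issue a token at login. Claim names (sub, iat, exp) are assumptions.
function issueToken(userId, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub: userId, iat: now, exp: now + TOKEN_TTL_SECONDS };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Check the auth-token request header before a protected route runs.
function verifyAuthToken(headers, secret, now = Math.floor(Date.now() / 1000)) {
  const token = headers['auth-token'];
  if (typeof token !== 'string') return deny('missing token');
  const parts = token.split('.');
  if (parts.length !== 3) return deny('malformed token');
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm server-side; a token asking for "none" is refused.
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256') return deny('unsupported algorithm');
    // Compare signatures in constant time before trusting any claim.
    const expected = Buffer.from(hmac(`${header}.${payload}`, secret));
    const given = Buffer.from(signature);
    if (expected.length !== given.length ||
        !crypto.timingSafeEqual(expected, given)) return deny('bad signature');
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || now >= claims.exp) {
      return deny('token expired');
    }
    return { ok: true, status: 200, userId: claims.sub };
  } catch (err) {
    return deny('malformed token');
  }
}
```

Node lowercases incoming header names, so an Express middleware can pass req.headers straight to verifyAuthToken and answer with the returned status when ok is false.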

Post Route:

Here users are able to create a blog post, access all blog posts, get a blog post by its specific ID, and update or delete a blog post they created. The routes are provided below for easy navigation.

Home Request

This gives access to the home page of the blog

  • Route: /

  • Method: GET

Get All Posts

This helps the user get all available posts in the database

  • Route: /api/v1/posts

  • Method: GET

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

Note: the token is updated after 1hr.

Add a Post

This helps the user to create a post and add it to the database

  • Route: /api/v1/posts

  • Method: POST

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

Note: the token is updated after 1hr.

  • Body:

{
  "title": "Chemicals",
  "description": "Study of CHEM properties of matter and",
  "author": "Bristeny Kayi",
  "body": "structure of chems, objects, props, maintenance",
  "year": 2022
}

Update Post by ID

This helps the user to make adjustments, corrections and updates to posts available in the database by their IDs.

  • Route: /api/v1/posts/:id

  • Method: PUT

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

Note: the token is updated after 1hr.

Get Post by ID

This helps the user to get a specific post in the database by its ID.

  • Route: /api/v1/posts/:id

  • Method: GET

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

Note: the token is updated after 1hr.

Delete Post by ID

This helps the user delete a particular post in the database by its ID

  • Route: /api/v1/posts/:id

  • Method: DELETE

  • Header

    • Content-Type: application/json

    • auth-token: (token given)

Note: the token is updated after 1hr.

Conclusion:

With all these structures and routes put in place and well tested with Postman, the foundation is set for the blogging application. Feel free to refer to the GitHub repository and hosted link above.

Write up and implementation by:

Special thanks to: