Securing API Using HTTP Basic Auth

StackOverflow https://stackoverflow.com/questions/22408074

Question

I'm looking into HTTP Basic Auth to secure my Nodejs API (using SSL too).

I'm wondering whether both a username and password are required with Basic Auth as I would just like to use a secret API key which would serve as a username. Resources I have read appear to suggest that both are required but Stripe's docs appear to suggest that just a username is sufficient:

https://stripe.com/docs/api#authentication

"Authentication to the API occurs via HTTP Basic Auth. Provide your API key as the basic auth username. You do not need to provide a password"

Was it helpful?

Solution

You can use the basicAuth middleware in express to do this http://expressjs.com/api.html#basicAuth. Just set the username(s) to the API key and the password(s) to ' ' (empty string, not double quote).

OTHER TIPS

You can also use http-auth module for HTTP Basic/Digest authentication.

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});

// Creating new HTTP server.
http.createServer(basic, function(req, res) {
    res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top