- Node.js 9.0.0+
- An Axioms client which can obtain an access token after the user's authentication and authorization, and include the obtained access token as a bearer token in the Authorization header of all API requests sent to the Node/Express application server.
express-js SDK to your project.
Create a .env file in your project root and add the following configs
AXIOMS_CACHE_KEY_TIME is an optional value in milliseconds. It defaults to 600000 milliseconds, i.e. 10 minutes. Set it to 0 if you don't want to cache keys.
checkToken.js and add the following,
Guard Your API Views
Use authentication and permission classes to guard your API views.
|Checks whether the API request includes a valid bearer access token in the Authorization header. Checks performed include: token signature validation, expiry datetime validation, and token audience validation.|
|Check any of the given scopes included in ||An array of strings as |
|Check any of the given roles included in ||An array of strings as |
|Check any of the given permissions included in ||An array of strings as |
profile scope present in the token
sample:role role present in the token
- Check permission present in the token at API method level
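The checks listed in the table above (signature, expiry and audience validation, then an any-of scope check), as an added example that is not the SDK's own code. It uses only Node's built-in crypto on a recent Node.js release; the function names, the RS256 pinning and the space-delimited `scope` claim are assumptions.

```javascript
// Added example: the token checks described above, using Node's built-in crypto only.
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const decode = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Validate signature, expiry and audience; return the claims or throw.
function validateToken(token, key, audience, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm (assumed RS256): the token header must never choose it.
  if (decode(h).alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = decode(p);
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error("wrong audience");
  return claims;
}

// "Any of the given scopes": assumes a space-delimited `scope` claim.
function hasAnyScope(claims, required) {
  const granted = new Set(String(claims.scope || "").split(" ").filter(Boolean));
  return required.some((s) => granted.has(s));
}

// Express-style guard (hypothetical name): 401 for a bad token, 403 for a missing scope.
function guard(key, audience, scopes) {
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || "");
    try {
      req.claims = validateToken(m ? m[1] : "", key, audience);
    } catch (e) {
      return res.status(401).json({ error: e.message });
    }
    if (!hasAnyScope(req.claims, scopes)) return res.status(403).json({ error: "insufficient scope" });
    next();
  };
}

// Constructed sample: a throwaway key pair and a signer for test tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function signSample(claims, alg = "RS256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}
```

A failed token check maps to 401 and a valid token without any of the required scopes maps to 403, so clients can tell "re-authenticate" apart from "not allowed".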
To see a complete working example, download the Express sample from our GitHub repository or simply deploy to Heroku by clicking the following button. You will need to provide the Axioms domain and Axioms audience to complete the deployment.