JSFoo 2018

On JavaScript and Security


APIs Strike back : The rise of the JSON Web Tokens

Submitted by Md. Shahbaz Alam (@mdsbzalam) on Saturday, 21 October 2017

Technical level: Intermediate Status: Under evaluation


Most APIs today use an API Key to authenticate legitimate clients. API Keys are very simple to use from the consumer perspective:
You get an API key from the service (in essence a shared secret). Add the key to an Authorization header. Call the API. However, life isn’t as easy from the API producer part. In this talk, I’ll show how using JWTs as API Keys has greatly improved our architecture by giving us granular security, a homogenous auth architecture, decentralized issuance, debuggability and much more! Learn how to use it in your Node.js applications




Speaker bio

I’m a Full Stack Developer @ Divertido Technology , Auth0 Ambassador and Mozilla Representative.




  •   Zainab Bawa (@zainabbawa) Reviewer a year ago

    Shahbaz, upload a two-minute preview video explaining what this talk is about and why the audience should attend it. Do this by 20 April so that we can finish evaluating your proposal.

Login with Twitter or Google to leave a comment