Last week, I got the API gateway and DynamoDB setup. This week, I was able to create few endpoints, test it out and put into use in our project. I felt very happy seeing that my backend server less setup is working and in this blog, I’m gonna talk about few improvements that needs to be done.
The endpoints are currently not authorized, which means anyone with the api url can get data or post data in the DynamoDB table. I have it unauthorized for the ease of integrating with frontend. But, I have to authorize it soon to make the services individually secure.
On research, I came across Auth0, which can provide authentication to the APIs by sending access token in the Authorization header, using the Bearer authentication scheme. For example, if I want to get the information for a pet, I need to get an access token to pass it in the request Authentication header. Once the token gets verified, I would be able to get all the information for the particular pet.
This is the part that I’m going to be tackling over next week. I have researched on what should be done as best practices and I’m currently focusing on building all the necessary endpoints first, in order to unblock others. I’ll let you the difficulties of adding authorization to APIs in the next blog. Until then, byeeee!! 😀
