Securing a Sails API

Question

I made an API using Sails.js. I dont want to expose this API to the public, but I want to write two clients for it, one is going to be a web client (AngluarJs probably) and the other will run on Android phones.

I don't want to expose the API because each client has a set of controllers it can access, and each user has a number of privileges.

For this I thought about maybe 2 steps: 1/ Identify that the request came genuinely from one of my apps 2/ Check if the user has the privilege to access that part of the API

Is there any module that does this?

Answer 1

You can configure different kinds of policies in sails. As an example for authentication,Authorization and for some other custom check also.

Check this Sails Policies Config

There are also different kinds of sails extensions available like

1. sails-auth: Passport-based Authentication Extension, including Basic Auth
2. sails-permissions: Permissions and Entitlements system for sails.js: supports user authentication with passport.js, role-based permissioning, object ownership, and row-level security.