Summary
In this chapter, we explored two fundamental concepts that almost every API needs: authentication and authorization. We investigated authentication options commonly used in APIs, such as session tokens and JWTs. We also discussed the simplicity of RBAC and how far this simple concept can take you when it comes to authorization.
But all this information is only helpful if you use it, so we applied all this new knowledge to our API. Now, it can authenticate users and decide if they are authorized to execute specific actions based on their roles.
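The role-based decision described above (authenticate the caller, then allow or deny an action based on the caller's roles) can be written as a small, framework-independent module. The code below is an added example, not the book's API or its code; the role names, permission strings and `Principal` type are assumptions constructed for illustration. It shows the two properties that matter for RBAC in practice: deny by default (a role or permission that is not in the table grants nothing), and a separate ownership-aware check for the common "edit your own resource" case that pure role membership cannot express.

```python
"""Role-based access control (RBAC) decision for an API handler.

Added example, not code from the original chapter. The roles, permissions
and Principal type below are constructed assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed permission table: each role grants a set of "resource:action"
# permissions. Anything not listed here is denied (deny by default).
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "viewer": frozenset({"posts:read"}),
    "author": frozenset({"posts:read", "posts:create", "posts:update_own"}),
    "admin": frozenset({
        "posts:read", "posts:create", "posts:update_any",
        "posts:delete", "users:manage",
    }),
}


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as reconstructed from a verified session
    token or JWT. Authentication happens before this object exists; this
    module only answers the authorization question."""
    user_id: str
    roles: frozenset[str] = field(default_factory=frozenset)


def permissions_for(roles) -> frozenset[str]:
    """Union of the permissions of all known roles.

    Unknown roles contribute nothing, so a typo or a role that was removed
    from the table can never widen access."""
    granted: set[str] = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(granted)


def is_authorized(principal: Principal, permission: str) -> bool:
    """Plain role check: does any of the caller's roles grant `permission`?"""
    return permission in permissions_for(principal.roles)


def can_update_post(principal: Principal, post_owner_id: str) -> bool:
    """Ownership-aware check: admins may update any post, authors only
    their own. Role membership alone cannot express "own", so the
    resource's owner has to be part of the decision."""
    perms = permissions_for(principal.roles)
    if "posts:update_any" in perms:
        return True
    return "posts:update_own" in perms and principal.user_id == post_owner_id


class Forbidden(Exception):
    """Raised when an authenticated caller lacks the required permission
    (an API layer would map this to HTTP 403)."""


def require(permission: str):
    """Decorator enforcing `permission` on a handler whose first argument
    is the authenticated Principal. Keeping the check in one place means a
    new handler cannot accidentally skip it."""
    def decorator(handler):
        def wrapped(principal: Principal, *args, **kwargs):
            if not is_authorized(principal, permission):
                raise Forbidden(f"{principal.user_id} lacks {permission}")
            return handler(principal, *args, **kwargs)
        return wrapped
    return decorator


@require("posts:delete")
def delete_post(principal: Principal, post_id: str) -> str:
    """Hypothetical handler: only callers holding posts:delete reach here."""
    return f"deleted {post_id}"


if __name__ == "__main__":
    admin = Principal("bob", frozenset({"admin"}))
    author = Principal("alice", frozenset({"author"}))
    print(delete_post(admin, "p1"))          # deleted p1
    print(can_update_post(author, "alice"))  # True
    print(can_update_post(author, "bob"))    # False
```

The handler never inspects roles directly; it asks for a permission, and the table decides which roles carry it. That keeps role changes (adding a "moderator", splitting "admin") out of handler code, which is the part of RBAC that lets a simple concept scale.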
One thing that is starting to feel wrong is how we store data: in global variables. That is not the right way to do it. What any API developer would use to store that kind of data is a database. It doesn't matter whether you prefer one database or another; the concepts are the same. In the next chapter, we will talk about data persistence in a database, and we will use SQLite as an example, but...