Create Countersignature Authentication with airSlate SignNow

Create countersignature authentication

hi this is episode 62 Kron DOS I'm your host Jordan Hudgens I'm Ruby Dev and the CTO of the dev camp platform whether you're looking to get hired for a new development job or moving up in an organization where you're at now understanding how api's work is critical for many positions in this guide I'm going to help you answer the programming job question of how do you implement API authentication as a quick review remember that API stands for application programming interface API s are essentially tools that let third-party applications communicate with other apps an example would be posting a link on Twitter and having an auto post on Facebook in order to make this type of functionality possible Twitter had to use the Facebook API in order to post on a user's behalf now that we know what an API is let's discuss API authentication when you're working with the api's it's typically important to ensure that requests are being made by valid third-party applications for example imagine that you built an API that sends out text messages you would want to make sure that only apps you trust could communicate with your service write API authentication is a process of ensuring that only authorized applications are able to interact with your program this may seem like a very basic concept because you're used to using a username and password each time you login to sites like Facebook where API authentication is different than the normal login process is that it has to be completed a hundred percent in code usually this means including information in the API request that contains a username password API key things like that this information can then be checked by the receiving application to make sure that the request is coming from a valid app you can compare this to a site like Facebook checking your email and password against their database this ensures that you are who you say you are so now that you have an idea of what API authentication is why is it important let's continue with our example of having an API that sends text messages if you don't improve authentication in your service you run the risk of anyone being able to send SMS messages this includes apps that would send spam and malicious stat out to users obviously this would be a bad thing to happen and could even cause you to get penalized or banned from sending messages out even from legitimate sources take a look at the most popular api's in the world such as Google Maps Twitter Facebook or Yelp you'll discover that they each require any applications that communicate with them to be authenticated in order to understand how to implement API authentication let's dive right into the code for this example I'm going to use the Ruby on Rails framework that means that the syntax will be specific to Rails however the overarching concepts can be applied to any other language or framework I've taken this walkthrough from a course I'll be publishing next month the course will focus on how to build a Ruby on Rails micro-service application architecture to reiterate if you're not familiar with the rails framework don't - now you can apply a similar implementation to pretty much any type of framework that you use the app will be adding authentication to is an API that sends out SMS messages just like our example from earlier at a high level it allows third-party applications to send out API requests and it sends out text messages with the data provided in the course I followed the test-driven development process for implementing authentication however that's slightly out of scope for this walkthrough and it makes the video quite a bit longer you can check it out if you want to learn how to build app and follow rails best practices the first step we'll take is to create a method called authenticate and then have it run before any service tries to communicate with the API inside of the authenticate method I'm leveraging the rails built-in method authenticate or request with HTTP basic this will help perform tasks such as automatically requesting that an outside app supply login credentials inside of the authenticate method it simply performs a database lookup and verifies that there's a client with matching API credentials I'm using source app and API key for those attributes however the are simply arbitrary names they could just as easily be username and password if you run this in the rail server you'll see that this works in the browser is asking for login credentials this is essentially mimicking what the API will encounter when it tries to communicate with the app I also ran the database query to find client and I found one had the following credentials if I enter in the wrong credentials the app will see the content and it'll ask for login credentials again as shown here but if I enter the correct login credentials into the browser it'll let me access the page testing and the browser is all well and good however this is an API therefore it needs to be tested with JSON data and the code so how exactly can we do that well before authentication was implemented I was able to create a notification by sending a cruel request what's curl pearl is a command-line tool that lets developers mimic sending various protocol requests in this case we'll be sending an API request this curl request used to work however if you try it now it fails as it should and it fails with the error message HTTP basic access denied so how can we include our login credentials via curl thankfully curl has a nice built-in way of passing in parameters for hdt basic auth requests like ours we can prepend this code which if you remember is simply login credentials we tested in the browser separated by a colon the full curl request would look something like this now if we run this command in the terminal ill press properly and it even sends out the text message i hope that this has been a helpful guide for helping you answer the question of how to implement api authentication and good luck with the coding interview