https://www.robinwieruch.de/node-express-server-rest-api/
Representational State Transfer → Retrieve JSON through a stateless transfer.
<aside> 💡 Use Postman or Insomnia to help manage APIs
</aside>
https://www.youtube.com/watch?v=mbsmsi7l3r4
<aside> 💡 Set expiration dates for your access token and create refresh access tokens.
</aside>
Sign a JWT (JSON Web Token) for accessing the API and for refreshing the API access key.
Refreshing your token helps make things more secure in case a user gets hold of your access key.
Powerful: can be used across servers! Example: a banking website that has one server for your banking and one for your retirement account. You wouldn’t have to log back in for your retirement account.
Also, you can have one server for authentication and another for your main server.
You would probably create a database/cache for your refresh tokens.
Create something to delete refresh tokens so that there are no infinite refresh tokens.
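The access/refresh flow from these notes, as an added example that is not code from the linked tutorial or video. It assumes HS256 tokens built with Node's built-in `crypto` module and an in-memory `Map` standing in for the refresh-token database/cache; the secrets, lifetimes and function names are constructed for illustration.

```javascript
const crypto = require('crypto');
// Constructed demo values; load real secrets from configuration, never from source.
const ACCESS_SECRET = 'demo-access-secret';   // shared with the API server(s)
const REFRESH_SECRET = 'demo-refresh-secret'; // known only to the auth server
const ACCESS_TTL = 15 * 60, REFRESH_TTL = 7 * 24 * 3600; // lifetimes in seconds
const refreshStore = new Map(); // jti -> expiry; stand-in for the database/cache
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, key) => crypto.createHmac('sha256', key).update(data).digest('base64url');
// Build an HS256 JWT that expires ttl seconds after now.
function sign(payload, secret, ttl, now) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ ...payload, iat: now, exp: now + ttl })}`;
  return `${body}.${mac(body, secret)}`;
}

// Return the claims if the signature is valid and the token is unexpired, else null.
function verify(token, secret, now) {
  const [h, p, sig, extra] = String(token).split('.');
  if (!h || !p || !sig || extra !== undefined) return null;
  const given = Buffer.from(sig), expected = Buffer.from(mac(`${h}.${p}`, secret));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Login: short-lived access token plus a refresh token recorded server-side by its id.
function login(userId, now) {
  const jti = crypto.randomUUID();
  refreshStore.set(jti, now + REFRESH_TTL);
  const accessToken = sign({ sub: userId }, ACCESS_SECRET, ACCESS_TTL, now);
  return { accessToken, refreshToken: sign({ sub: userId, jti }, REFRESH_SECRET, REFRESH_TTL, now) };
}

// Refresh: issue a new access token only while the refresh token is still in the store.
function refresh(refreshToken, now) {
  const claims = verify(refreshToken, REFRESH_SECRET, now);
  if (!claims || !refreshStore.has(claims.jti)) return null; // forged, expired or revoked
  return sign({ sub: claims.sub }, ACCESS_SECRET, ACCESS_TTL, now);
}

// Logout: delete the stored id so the refresh token stops working immediately.
function logout(refreshToken, now) {
  return refreshStore.delete(verify(refreshToken, REFRESH_SECRET, now)?.jti);
}

// Cleanup job: drop expired entries so the store does not grow forever.
function purgeExpired(now) {
  for (const [jti, exp] of refreshStore) if (exp <= now) refreshStore.delete(jti);
  return refreshStore.size;
}
```

The main server only needs `verify` and `ACCESS_SECRET`; `login`, `refresh`, `logout` and the store live on the authentication server.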