...

The Data Theorem API Protect NodeJS SDK is a NodeJS library that provides protection for APIs written in JavaScript. The SDK integrates with your NodeJS API using the API Protect middleware, which supports most popular NodeJS frameworks, including:

To protect an API, all the API developer needs to do is add the API Protect middleware to their web application code and set the client ID we provide

...

Code Block
languagebash
npm install ./apiprotect-v1.0.0.tgz

Example adding dependency via yarn

Code Block
languagebash
yarn add file:./apiprotect-v1.0.0.tgz

Step 2: Add the middleware to the application

...

Code Block
languagetext
This middleware may be added before or after any logging middleware,
but it should be after body parsing middleware and before other middleware
or application code.


                                        Request Flow
    ┌───────────────────────────────────┐   │
    │      Logging Middleware           │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │      Body Parsing Middleware      │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │      Api Protect Middleware       │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │         Other Middleware          │   │
    └───────────────────────────────────┘   │
                                            │
                                            ▼

                     *  OR *

                                        Request Flow
    ┌───────────────────────────────────┐   │
    │      Body Parsing Middleware      │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │      Api Protect Middleware       │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │      Logging Middleware           │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │         Other Middleware          │   │
    └───────────────────────────────────┘   │
                                            │
                                            ▼

Example using Express middleware

Code Block
const express = require('express');
const apiprotect_middleware = require('apiprotect');

const app = express();

// Register body parsing middleware, then the API Protect middleware
app.use(express.json());
app.use(apiprotect_middleware.default()); // ClientId read from ENV: `DT_API_PROTECT_CLIENT_ID`
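
The ordering rule from Step 2 can be checked at application startup. The following is an added example, not code from this page or from the Data Theorem SDK; it assumes the layer shape of Express 4's internal `app._router.stack` (`{ name, handle }`), and `checkProtectOrder`, the allow-list and the sample stacks are hypothetical and constructed for illustration.

```javascript
// Added example: startup check for the middleware order described in Step 2.
// Assumption: `stack` has the shape of Express 4's internal app._router.stack,
// i.e. an ordered array of layers { name, handle }.
const BODY_PARSERS = new Set(['jsonParser', 'urlencodedParser', 'rawParser', 'textParser']);
// Layers allowed ahead of API Protect: Express built-ins, body parsers and
// logging (morgan's middleware function is named "logger").
const ALLOWED_BEFORE = new Set([...BODY_PARSERS, 'query', 'expressInit', 'logger']);

function checkProtectOrder(stack, protectHandle) {
  const at = stack.findIndex((layer) => layer.handle === protectHandle);
  if (at === -1) {
    return ['API Protect middleware is not registered'];
  }
  const problems = [];
  stack.forEach((layer, i) => {
    // Anything other than logging, parsing and built-ins must come later.
    if (i < at && !ALLOWED_BEFORE.has(layer.name)) {
      problems.push(`"${layer.name}" runs before API Protect`);
    }
    // Body parsing has to be finished by the time API Protect runs.
    if (i > at && BODY_PARSERS.has(layer.name)) {
      problems.push(`body parser "${layer.name}" runs after API Protect`);
    }
  });
  return problems;
}

// Constructed sample stacks (not taken from a real application).
const protect = function apiProtect(req, res, next) { next(); }; // stand-in handle
const layer = (name, handle = () => {}) => ({ name, handle });
const goodStack = [layer('query'), layer('expressInit'), layer('logger'),
  layer('jsonParser'), layer('apiProtect', protect), layer('router')];
const badStack = [layer('query'), layer('expressInit'), layer('router'),
  layer('apiProtect', protect), layer('jsonParser')];

console.log(checkProtectOrder(goodStack, protect));
console.log(checkProtectOrder(badStack, protect));
```

In an Express 4 application the call would be `checkProtectOrder(app._router.stack, protectMiddleware)`, where `protectMiddleware` is the function object that was passed to `app.use`.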

Step 3: Set the Client ID

For each API you protect, Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services. The client ID we provide can be set in two ways: either via the environment variable DT_API_PROTECT_CLIENT_ID or by passing it directly to the middleware.

The client ID is in a file named client_id in the SDK bundle you downloaded.

Example setting the client id via ENV Var

> source ./client_id && npm run

Setting the environment variable is the preferred way, but if you need to pass it to the middleware, here is how to do that:

Example passing clientId to Express middleware

Code Block
languagejs
// example passing client_id to Express middleware

const express = require('express');
const apiprotect_middleware = require('./apiprotect-express-middlware.js');
const settings = require('settings'); // application settings that hold the client ID

const app = express();

// Register body parsing middleware, then the API Protect middleware
app.use(express.json());
app.use(apiprotect_middleware.default(settings.clientId)); // ClientId passed as param

Step 4: Start the agent

The NodeJS middleware communicates with an agent process running in the same VPC via HTTP. The agent binary should be executed along with the NodeJS application, and it must be reachable via HTTP from the NodeJS application.

Example API Protect agent usage

Code Block
usage: data-theorem [-h] [--agent-name AGENT_NAME] [--address ADDRESS]
                    [--port PORT]
API Protect Extension
optional arguments:
  -h, --help            show this help message and exit
  --client-id CLIENT-ID client Id default env DT_API_PROTECT_CLIENT_ID
  --address ADDRESS     host the API Protect API should listen on default 127.0.0.1
  --port PORT           port the API Protect API should listen on default 31337

Example executing API Protect agent

Code Block
languagebash
./data-theorem