Overview
The Data Theorem API Protect NodeJS SDK is a NodeJS library that provides protection for APIs written in JavaScript. The SDK integrates with your NodeJS API through the API Protect middleware, which supports most popular NodeJS frameworks. To protect an API, all the API developer needs to do is add the API Protect middleware to their web application code and set the client ID we provide.
Installation
Step 1: Add the package to dependencies
To install API Protect, the provided NodeJS package must be added as a dependency, typically by adding it to a package.json file. Here is an example of how to add the package:
Example adding the dependency via npm
npm link ./apiprotect
Example adding the dependency via yarn
yarn add file:./apiprotect
Step 2: Add the middleware to the application
The middleware for your web framework should be imported and added to your application.
Note: The ordering of middleware is important
This middleware may be added before or after any logging middleware, but it should be before other middleware or application code.

Request Flow
                  │
┌───────────────────────────────────┐
│        Logging Middleware         │
└───────────────────────────────────┘
                  │
┌───────────────────────────────────┐
│      Api Protect Middleware       │
└───────────────────────────────────┘
                  │
┌───────────────────────────────────┐
│         Other Middleware          │
└───────────────────────────────────┘
                  │
                  │
                  ▼

* OR *

Request Flow
                  │
┌───────────────────────────────────┐
│      Api Protect Middleware       │
└───────────────────────────────────┘
                  │
┌───────────────────────────────────┐
│        Logging Middleware         │
└───────────────────────────────────┘
                  │
┌───────────────────────────────────┐
│         Other Middleware          │
└───────────────────────────────────┘
                  │
                  │
                  ▼
Example using Express middleware
// example using Express middleware
const express = require('express')
const apiprotect_middleware = require('./apiprotect-express-middlware.js')

const app = express()
app.use(apiprotect_middleware())
Step 3: Set the Client ID
For each API you protect, Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services. The client ID we provide can be set in two ways: either via the environment variable DT_API_PROTECT_CLIENT_ID or by passing it directly to the middleware.
Setting the environment variable is the preferred way, but if you need to pass it to the middleware, here is how to do that:
Example passing client_id to Express middleware
// example passing client_id to Express middleware
const express = require('express')
const apiprotect_middleware = require('./apiprotect-express-middlware.js')
const settings = require('settings')

const app = express()
app.use(apiprotect_middleware({"clientId": settings.clientId}))
Step 4: Start the agent
The NodeJS middleware communicates over HTTP with an agent process running in the same VPC. The agent binary should be executed along with the NodeJS application, and it must be reachable via HTTP from the NodeJS application.
Example API Protect agent usage
usage: data-theorem [-h] [--agent-name AGENT_NAME] [--address ADDRESS] [--port PORT]

API Protect Extension

optional arguments:
  -h, --help            show this help message and exit
  --client-id CLIENT-ID client Id default env DT_API_PROTECT_CLIENT_ID
  --address ADDRESS     host the API Protect API should listen on default 127.0.0.1
  --port PORT           port the API Protect API should listen on default 31337
Example executing API Protect agent
./data-theorem
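Example startup preflight for Steps 3 and 4 (an added example, not part of the Data Theorem SDK): it resolves the client ID with the environment variable taking precedence, and confirms the agent accepts TCP connections at the documented default 127.0.0.1:31337 before the application serves traffic. The helper names resolveClientId, probeAgent and preflight are hypothetical.

```javascript
// Added example; helper names are hypothetical and not part of the SDK.
const net = require('net')

// Defaults taken from the agent usage text above.
const AGENT_DEFAULTS = { address: '127.0.0.1', port: 31337 }

// Step 3: prefer DT_API_PROTECT_CLIENT_ID, fall back to an explicit setting,
// and fail fast rather than start the API without a client ID.
function resolveClientId(env, settings = {}) {
  const fromEnv = String(env.DT_API_PROTECT_CLIENT_ID || '').trim()
  if (fromEnv) return { clientId: fromEnv, source: 'env' }
  const fromSettings = String(settings.clientId || '').trim()
  if (fromSettings) return { clientId: fromSettings, source: 'settings' }
  throw new Error('API Protect client ID missing: set DT_API_PROTECT_CLIENT_ID or pass clientId')
}

// Step 4: the middleware needs the agent to be reachable. Probe it with a
// plain TCP connect and a timeout; this never rejects, it reports the outcome.
function probeAgent({ address, port } = AGENT_DEFAULTS, timeoutMs = 1000) {
  return new Promise((resolve) => {
    const socket = net.connect({ host: address, port })
    const finish = (reachable, reason) => {
      socket.destroy()
      resolve({ reachable, reason })
    }
    socket.setTimeout(timeoutMs, () => finish(false, 'timeout'))
    socket.once('connect', () => finish(true, 'connected'))
    socket.once('error', (err) => finish(false, err.code || err.message))
  })
}

// Run both checks before registering the middleware and calling app.listen().
async function preflight(env, settings = {}, agent = AGENT_DEFAULTS) {
  const { clientId, source } = resolveClientId(env, settings)
  const probe = await probeAgent(agent)
  if (!probe.reachable) {
    throw new Error(`API Protect agent unreachable at ${agent.address}:${agent.port} (${probe.reason})`)
  }
  return { clientId, clientIdSource: source, agent }
}

// Usage: preflight(process.env, settings).then(({ clientId }) => { /* app.use(...), app.listen(...) */ })
```

Calling preflight at startup surfaces a missing client ID or a stopped agent as a startup error instead of an API that is running without the protection in place.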