Securing your APIs with JSON Web Tokens (JWT)
At LaborVoices we're building a platform for collecting feedback from laborers in developing countries about their working conditions. Because our work is global and ever expanding, we recently started work on breaking up our platform into smaller connected systems.
One of the challenges we faced was how to effectively secure our public facing APIs, so that we can have a robust and distributed system. The key challenge was to have a scalable solution for Authentication AND Authorization. We eventually came across JSON Web Tokens, which met and exceeded our expectations.
I would like to share our experiences of building an Ember JS front-end and Grape/Sequel API secured with JWT for the Symphony platform. I hope to inspire someone to try JWT for themselves.