Simple user authentication should be simple. That’s why we’ve created a new help video with step-by-step instructions on how to write a server that can securely authenticate the MindMeld API.
If you missed it, check out this screencast on how to get up and running with the Ranking Dashboard.
TRANSCRIPT:
In this screencast, I’ll show you how to get started with simple and secure user authentication in order to get a token to authenticate requests with the MindMeld API. The server we’re going to build will be in Node, so make sure you have it installed on your computer. You can do that by going to Nodejs.org.
We’ll be using the information in our documentation page to write a server using simple user authentication. To get there, go to developer.expectlabs.com, navigate to the documentation page, and click on the “Authentication” link in the left-hand tab. Here, you can read through more details.
Alright. Let’s go ahead and create a new directory that will hold our application. I will call it NodeMMAuth. I’m going to do an NPM MIT here to get that started. First, I’m going to create a file called MMauth.js. Some of the dependencies will have our requests, which is a library that let you make HTTP requests. We’ll use that to communicate with the MindMeld API. And then Restify, which easily processes RESTful API requests. You can also use Express, or any other Node libraries you’d like to use.
The main method in this module is going to be Start and it will have a little bit of configuration in it. Some variables we’ll want include the server and configuration. So we’ll create the server using Restify and we’ll get that server to listen on a port, which we’ll specify in the configuration. For now we’re just going to log so we know the server is working. This is just a log that has the name and the URL. Up here we need to store the configuration, so I’ll set that and if it’s not there I’ll set a default and I’ll do the same thing for the port.
Now I’m going to test and see if the log works. Alright, it’s listening so that part works so far. Now that we have the Restify server running we’re going to have it listen to a specific type of request in order to get a request. With Restify, the request is going to take parameters that are passing through the bod. Therefore, we need to make sure our server can handle that so we add a body parser. Then, when the POST request is made to the user’s path we’ll have it handled in the POST users function. For now, this function is just going to be a log to let us know that things are working.
Alright, so now we’re going to test to see if that works and we’ll start our Node server. It’s listening, so now I’m going to make a request to that server using curl.
We can see in the log that it says “posting user.” That means the log went through and we can do more things. First, we need new configuration parameters. One would be the application ID, which we can’t start with until it’s there. You can get this app ID from the MindMeld developer center. Click on your username to get to this page. We also need an application secret so we can pass it to the API to do simple user authentication. So here we’re going to pass in those things so we can communication with the MindMeld API. We don’t want to return until we get a response from the API. What we need to do first is parse the request for the authentication info. At a minimum, we’ll need a user ID and a username. And if we don’t pass in a name it’s not that important, but we definitely need an ID.
Alright, so I’m going to make a POST request. We need to pass the ID and app secret in as headers here. Now we need to specify the credential for the user here. And then the callback will specify that the MindMeld ID is different so it’s clear that this is the user ID that the MindMeld API is using, and also includes the simple user ID that we used in the request. Then we return the data. Now we test it out. Restart the server. Great, it’s listening.
Now, we’ll specify the data. Here’s we’ll pass the user ID, just “1234” for now, along with the name. Now, the URL.
We can see it returned our token which we can then use to authenticate requests from the API. If you wanted to do something more complicated, you could instead have the client-side pass in a user ID and password and you could then validate whatever the request is before making the request to MindMeld to get the token. Since this is just a simple example, we won’t go into that here.
I hope you now understand how you can write a server to securely authenticate the MindMeld API using whatever logic you’d like. Thanks for watching!
