Server Applications with API

In this scenario we will build a Timesheet API for a fictitious company named ExampleCo. The API will allow adding timesheet entries for an employee or a contractor.

We will also build a cron job that reads timesheet entries from an external system and writes them to the centralized timesheet database through the API.

TL;DR

  • Auth0 provides API authentication and authorization as a means to secure access to API endpoints (read API Authentication and Authorization)
  • For authorizing a Machine-to-Machine Application (a CLI, service or daemon where no user interaction is involved) Auth0 supports the Client Credentials grant (read Client Credentials Grant)
  • Both the Machine-to-Machine Application and the API must be configured in the Auth0 Dashboard (read Auth0 Configuration)
  • The API will be secured by requiring a valid access token (implemented as a JSON Web Token) in the HTTP Authorization header of every call made to the API (read Implement the API)
  • Upon successful authorization an access token is issued to the Machine-to-Machine Application (read Get an access token)
  • The Machine-to-Machine Application then sends this access token in the HTTP Authorization header to authenticate its calls to the API endpoints (read Invoke the API)
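The API-side check the TL;DR describes, as an added example that is not part of this page or Auth0's own code: pull the bearer token from the Authorization header, verify its signature, and confirm it was issued for this API with the scope the endpoint needs. It assumes an HS256 token signed with a shared secret so it runs offline (Auth0 normally issues RS256 tokens verified against the tenant's public keys; the claim checks are the same), and the issuer, audience and secret are constructed placeholders.

```python
# Added example, not Auth0's code. HS256 with a shared secret stands in for
# Auth0's RS256 tokens; ISSUER, AUDIENCE and SECRET are constructed placeholders.
import base64, hmac, hashlib, json, time

ISSUER = "https://example-tenant.auth0.com/"          # placeholder tenant
AUDIENCE = "https://api.exampleco.com/timesheets"     # placeholder API identifier
SECRET = b"constructed-demo-secret"                   # placeholder signing secret

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims: dict) -> str:
    """Mint an HS256 JWT; stands in for the token the client credentials grant returns."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def authorize_request(headers: dict, required_scope: str, now=None) -> dict:
    """Return the token claims if the request is authorized, else raise PermissionError."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise PermissionError("missing bearer token")
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except ValueError:
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":        # pin the algorithm; never trust the token's own choice
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected).encode(), s.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(p))  # safe to parse only after the signature check
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("token not issued for this API")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("insufficient scope")
    return claims
```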

The Premise

ExampleCo is a consulting startup company. Currently they have approximately 100 employees and also outsource to external contractors. All employees and external contractors are required to complete timesheets every week. For this purpose, they built a timesheets application, a scenario we covered in Single Sign-On for Regular Web Apps. Internal employees use this web app to fill in their timesheets but some of the external contractors already use another tool to track their timesheets. ExampleCo needs a solution to avoid the double work and decided to build a cron job to read the timesheet entries from this external system and automatically upload those to ExampleCo's backend using an API.

Goals & Requirements

ExampleCo wants to build a flexible solution that:

  • Allows for automated processes working on the backend
  • Allows for future application launches, like a mobile application, in the architecture
  • Allows for the Timesheets API to be secure and accessed by authorized users and applications
  • Allows for a large part of code and business logic for the application to be shared across other apps

Learn more