Adding an API to an AdonisJS Web App

Beginner
42 Lessons
5h 17m

In this series, we'll add a API, using Opaque Access Tokens for authentication, to a preexisting web application. We'll implement dual-guard authentication, add a token management panel, and authenticate our API directly with an organization model!

Module 1 › Introduction (4 lessons)

Goal of this Series
Lesson 1.0
・
Apr 18

Goal of this Series

We'll cover the scope of this series and show some of the functionalities we'll be building throughout, which include an access token management panel, opaque access token authentication using an organization model, and building an API.

Getting Up and Running
Lesson 1.1
・
Apr 18

Getting the Web Project Up & Running

We'll get our web project cloned down. Then, we'll get it configured by first creating our database and running our migrations and seeder. Lastly, we'll get a test SMTP email inbox set up through MailTrap.

Getting Familiar with our Web Project
Lesson 1.2
・
Apr 18

Getting Familiar with our Web Project

In this lesson, we'll quickly walk through the web application we've cloned down to get familiar with the data at play, how it's presented to the user, and the features at hand.

Lesson 1.3
・
Apr 18

Overview of our Database Schema

In this lesson, we'll take a high level look at our database's schema so that we have an understanding at the entities and models at play and how they relate to one another within our application.

Module 2 › API Authentication (9 lessons)

Configuring Api Authentication
Lesson 2.0
・
Apr 21

Configuring Access Token Auth on top of Session Auth

In this lesson, we'll get opaque access tokens configured within our AdonisJS application on top of the already configured session/web authentication. This will include configuring the guard and setting up the db access token provider.

Separation of Concerns
Lesson 2.1
・
Apr 21

Separation of API & Web Auth Guard Concerns

In this lesson, we'll restrict our routes to their applicable authentication guard. Ensuring our web routes can properly authorize using their role-based authorization and our API can properly authorize using our access token abilities.

Access Token Abilities
Lesson 2.2
・
Apr 21

Defining Access Token Abilities & DTO

In this lesson, we'll finish up our preparation work by creating a data transfer object (DTO) for our access tokens. Then, we'll define what our token abilities will be within our application's API.

Creating Access Tokens Part 1: AdonisJS
Lesson 2.3
・
Apr 25

Creating Access Tokens Part 1: AdonisJS

In this lesson, we'll add a route to the settings portion of our application allowing the user to create an opaque access token (OAT), with the desired permissions, for the active organization.

Creating Access Tokens Part 2: VueJS
Lesson 2.4
・
Apr 25

Creating Access Tokens Part 2: Inertia/Vue

In this lesson, we'll rig up the create access token route we created in the last lesson to a form within our Vue application. We'll also stub the overall manage access tokens card for the organization itself.

OAT vs JWT
Lesson 2.5
・
May 02

Opaque Access Tokens (OAT) vs JSON Web Tokens (JWT)

In this lesson, we'll take a step back to understand the differences between the tokens we're using, which are Opaque Access Tokens (OAT), and JSON Web Tokens (JWT). We'll discuss security, scalability, and what makes up each token.

Adocasts Plus Exclusive
Exclusive
Listing Access Tokens
Lesson 2.6
・
May 02

Listing an Organization's Access Tokens

In this lesson, we'll query all of our organization's access tokens and filter out any tokens that are expired. Then, we'll list the organization's tokens showing it's name, abilities, when it was created, and when it was last used.

Adocasts Plus Exclusive
Exclusive
Copying the Access Token
Lesson 2.7
・
May 22

Displaying & Copying A Newly Created Access Token

In this lesson, we'll add a secondary step to our access token creation flow that will display the newly created access token to the user one time, allow them to copy the token, then drop the token completely from memory.

Adocasts Plus Exclusive
Exclusive
Deleting Access Tokens
Lesson 2.8
・
May 22

Deleting/Revoking Access Tokens

In this lesson, we'll add the ability for our users to revoke an access token by deleting it out of our database.

Module 3 › Getting Started with APIs (4 lessons)

Adocasts Plus Exclusive
Exclusive
Goal of our API
Lesson 3.0
・
May 30

The Goal of our REST API

In this lesson, we'll briefly give an overview of REST and how we'll be taking a practical approach to it when building our API.

Adocasts Plus Exclusive
Exclusive
Our first API endpoint
Lesson 3.1
・
May 30

Our First API Endpoint to Get Our Organization's Details

In this lesson, we'll add the first endpoint to our API. With this endpoint we'll return back the Organization's details for the provided Access Token with the request.

Adocasts Plus Exclusive
Exclusive
Setting up our REST Client
Lesson 3.2
・
May 30

Setting Up Our REST Client

In this lesson, we'll take some time to get set up and get comfortable with a REST Client application. This will allow us to store our API endpoints within collections to simplify testing them as we build them out. In this series, I'll be using Hoppscotch

Adocasts Plus Exclusive
Exclusive
Simple API Versioning
Lesson 3.3
・
May 30

Simple API Versioning

In this lesson, we'll implement a simple versioning mechanism for our API. Versioning allows us to safely make breaking changes without breaking our user's implementations of our API.

Module 4 › Organization Resources (8 lessons)

Adocasts Plus Exclusive
Exclusive
Listing Difficulties
Lesson 4.0
・
Jun 12

Listing Organization Difficulties

In this lesson, we'll begin work on our first CRUD-based API resource by adding the ability to query a list of all our organization's difficulties.

Adocasts Plus Exclusive
Exclusive
Creating Difficulties
Lesson 4.1
・
Jun 12

Creating Organization Difficulties

Next, we'll add a POST route and handler so that we can create difficulties from our API

Adocasts Plus Exclusive
Exclusive
Getting A Difficulty
Lesson 4.2
・
Jun 12

Getting A Specific Difficulty

In this lesson, we'll add a GET API route enabling us to get the details of a specific difficulty by providing the difficulties id via route parameter.

Adocasts Plus Exclusive
Exclusive
Updating A Difficulty
Lesson 4.3
・
Jun 12

Updating A Difficulty

In this lesson, we'll add a PUT API route to handle updating our difficulties! This route will also accept in a specific difficulty id via route parameter to specify which difficulty should be updated.

Adocasts Plus Exclusive
Exclusive
Deleting A Difficulty
Lesson 4.4
・
Jun 12

Deleting A Difficulty

The last CRUD method we need to add is the ability to delete our a difficulty by adding a DELETE API route, we'll take care of that in this lesson.

Adocasts Plus Exclusive
Exclusive
Access Level CRUD
Lesson 4.5
・
Jun 20

Access Level API CRUD

In this lesson, we'll walk through adding API endpoints for the full CRUD (create, read, update, and delete) flow for our organization's access levels.

Adocasts Plus Exclusive
Exclusive
Status CRUD
Lesson 4.6
・
Jun 20

Status API CRUD

In this lesson, we'll duplicate everything we did one more time for our organization's statuses.

Adocasts Plus Exclusive
Exclusive
API Authorization
Lesson 4.7
・
Jun 20

API Authorization Checks

In this lesson, we'll implement our API Authorization checks across all the API controller methods we've implemented thus far. We'll then create a specific access token for each operation (read, create, update, and delete) to ensure everything is working.

Module 5 › Courses (10 lessons)

Adocasts Plus Exclusive
Exclusive
Listing Courses
Lesson 5.0
・
Jun 27

Listing Courses

Our goal in this step is to add an endpoint that lists our courses. We'll then build upon this endpoint further with the ultimate goal of getting a list of paginated courses.

Adocasts Plus Exclusive
Exclusive
Creating, Updating, and Deleting Courses
Lesson 5.1
・
Jun 27

Creating, Updating, and Deleting Courses

In this lesson, we'll add endpoints to allow creating, updating, and deleting courses from our API. We'll then use this to stub a number of test courses to give us wiggle room to play with our pagination.

Adocasts Plus Exclusive
Exclusive
Paginating Courses
Lesson 5.2
・
Jun 27

Paginating our Course List

In this lesson, we'll transform our courses list endpoint into a pagination endpoint. We'll check and validate our query string for a page and per page parameter that we'll then use to fetch pages of our courses.

Adocasts Plus Exclusive
Exclusive
Course Modules & Lessons
Lesson 5.3
・
Jul 15

Getting A Course's Details, Modules, & Lessons

In this lesson, we wrap up the Courses controller by adding a show method that fetches all the key info for a single course. That includes its modules and lessons, all nicely organized and ready to use in your API response.

Adocasts Plus Exclusive
Exclusive
Patching Course Tags
Lesson 5.4
・
Jul 15

Updating A Course's Difficulty, Status, or Access Level

In this lesson, we'll add a specific endpoint with the ability to patch a course's difficulty, status, or access level with a new value so our users have a way to update these without needing to send the entire course payload.

Adocasts Plus Exclusive
Exclusive
Course Modules Nested Resource
Lesson 5.5
・
Jul 15

Course Module Nested Resource

In this lesson, we'll work on nested resourceful endpoints for our course modules. We'll add endpoints to create, update, patch, and deleting modules from a specific course.

Adocasts Plus Exclusive
Exclusive
Get Modules Endpoint
Lesson 5.6
・
Jul 23

Getting Just Course Modules & Lessons

In this lesson, we'll remove our GET module route, using the except method on our resource. Then we'll refactor to add a GetModules action

Adocasts Plus Exclusive
Exclusive
Fixing ESLint Integration
Lesson 5.7
・
Jul 25

Fixing Our ESLint Integration

I Ran into a ReferenceError and realized our ESLint wasn't working. In this lesson, we'll take a brief aside to fix the linting within our project so it works with ESLint v9

Adocasts Plus Exclusive
Exclusive
Lesson Operations
Lesson 5.8
・
Jul 25

Lesson Operations

In this lesson, we'll implement most of the CRUD functionality for our lessons, including creating, updating, deleting, and patching our lesson's tags. We'll also discuss why we'll treat lessons as a top-level resource.

Adocasts Plus Exclusive
Exclusive
Getting A Module's Lessons
Lesson 5.9
・
Jul 31

Getting A Module's Lessons

In this lesson, we'll remove our lesson's index method in favor of a module method whose purpose will be to fetch a module's specific lessons in their stored order.

Module 6 › Searching (7 lessons)

Adocasts Plus Exclusive
Exclusive
Basic Course Filtering
Lesson 6.0
・
Aug 05

Basic Course Search & Filter

In this lesson, we'll add a new search endpoint for our courses and enable some basic filter functionality along with it. We'll be able to search by course name likeness, status, difficulty, and/or access level.

Adocasts Plus Exclusive
Exclusive
Advanced String Filtering
Lesson 6.1
・
Aug 07

Advanced String Filtering

In this lesson, we upgrade our course name filter to support both simple strings and advanced object-based queries using VineJS’ union rule. This allows users to specify not just what to search for, but how to search for it.

Adocasts Plus Exclusive
Exclusive
Filtering by a Number or Array of Numbers
Lesson 6.2
・
Aug 11

Filtering by a Number or Array of Numbers

In this lesson, we'll implement our number filtering system in which we'll allow our search APIs to accept a single number or an array of numbers to filter the data by. To validate this, we'll use the union rule from VineJS.

Adocasts Plus Exclusive
Exclusive
Reusing Search Courses
Lesson 6.3
・
Aug 14

Making our Search Course Action Easily Reusable

In this lesson, we'll make our search course filters optional to increase the reusability of our action. We'll then switch our courses index route handler to use this action.

Adocasts Plus Exclusive
Exclusive
Searching and Filtering Lessons
Lesson 6.4
・
Aug 14

Searching and Filtering Lessons

In this lesson, we'll take the filters we've created thus far and apply them to a new lessons search endpoint. We'll be able to search our lessons by name, status, access level, and module.

Adocasts Plus Exclusive
Exclusive
Filtering by Publish Date
Lesson 6.5
・
Aug 20

Filtering Lessons by Publication Date

In this lesson, we'll add the ability to search lessons by their publish date and time. We'll utilize before and after properties to allow for filtering that can look forward, backward, or within a specific date range on our lesson's publish at column.

Adocasts Plus Exclusive
Exclusive
Optional Relationship Loading
Lesson 6.6
・
Aug 26

User-Defined Relationship Loading

In this lesson, we'll let our users tell us which relationships they'd like to get back in our lesson search. We'll also discuss how to handle nested relationships and what to watch out for.

excited robot

More in the works!

Add to your watchlist to get notified when new lessons are added

Sign in or sign up to add to your watchlist