Bachi for Auth0

Originally published at auth0.com

Authorization Series — Pt 2: Securing HTTP APIs with RBAC rules

Editor's Note: This is the second, technical post in a 3-part series focusing on Authorization. Stay tuned for the last part in this series, focusing on dynamic authorization.

TL;DR: In this article, you will learn how you can leverage Auth0's RBAC (Role-Based Access Control) feature to handle end-user authorization in your APIs. The article will start by proposing a simple scenario where you could use RBAC to secure API endpoints; then, it will show how you can map this scenario in your Auth0 dashboard and how you can implement it on a Node.js and Express API. Although the samples shown here use this specific combination of technologies (Node.js and Express), you will see that the solution is easy to implement and that you can translate it to any other platform you might be using.

Important Note: This article takes advantage of the Groups feature that is currently in beta testing. To get access to this feature, please follow the instructions on the New Beta Program for Authorization Groups announcement.
