Authorization url

Server side url

This is the url that needs to be called from your server. It basically checks which user is making the request.

Since it checks in all the request hitting your server. We recommend using it in a middleware function in server script. By using it in a middleware function it is easier for you as a developer to either proceed with the request on terminating the request.

Node js implementation

const authenticate = async (req, res, next) => {
    const token = req.get("Authorization");
    const auth = new Promise(async (resolve, reject)=> {
    axios.post(`${auth_url}`, {
            access_token: token,
        },
        {
            headers: {
                'app_secret': `${app_secret}`
            }
        }
    )
    .then((response)=> {
        resolve(response.data);
    })
    .catch(()=> {
        reject();
    })

    auth.then((usercred)=> {
        // storing the user credentials for rest of the request lifecycle
        res.locals.uid = usercred.data.uid
        res.locals.email = usercred.data.email
        // getting control flow to request route
        next()
    })
    .catch(()=> {
        res.status(403).json({
            result: "You are not authorized to access this resource",
            success: false
        })
    })
}

So here authenticate is a middleware that must be running at every request coming to your server.

{
    "message": "user credentials",
    "data": {
        "uid": "asd21e88ds",
        "email": "johndoe7@gmail.com"
    }
}

Expected response.