
CaseX API Documentation

Eileen Choe edited this page Nov 25, 2017 · 1 revision

Authentication

The CaseX API uses token-based authentication with JSON Web Tokens (JWTs).

  • A JWT is a signed, self-describing token that declares who the user is and what they may access; because the server verifies the signature instead of looking up a session record, the API stays stateless.
  • A token is issued only after the user presents a correct email and password.
  • The web client stores the token in sessionStorage, which keeps it until the browser window or tab is closed.
    • The known weakness of this approach is cross-site scripting (XSS): Web Storage is readable by any JavaScript running on the same origin, so an injected script can read and exfiltrate the token. Cookies are the other common place to keep a JWT; an HttpOnly cookie cannot be read from JavaScript, but because the browser attaches it automatically the API then needs CSRF protection.
  • JWTs are sent only over HTTPS, so the token is never exposed on the wire.

References

Cacheability

  • Cacheability is one of the REST architectural constraints: every response must state whether it may be cached.
  • CaseX API responses include ETag and Cache-Control headers so that HTTP caches can validate and reuse them.
  • An ETag is an opaque identifier the server assigns to a specific version of the resource at a URL; a client that already holds the resource resends the value in If-None-Match, and if the resource is unchanged the server answers 304 Not Modified instead of sending the body again.
    • Generated by the Express framework (by default Express produces weak ETags, of the form W/"...").
  • Cache-Control is set to expire the response after one day (max-age=86400). Responses that carry user-specific data should also be marked private so that shared caches such as proxies do not store them.
