Do I need Oauth2 For my Web Apps API

Question

I am trying to wrap my brain around building an express.js / node.js based REST API. I have a couple of questions...

1. Do I NEED token based / oauth 1 or 2 se

Answer 1

1. It does not depend if you use your REST server for web applications or for any other clients. If the service available in internet you should consider any client application as an "enemy". I mean you should not rely on any "trusted" client app, you should always perform authentication, if the client gets secured resource. Is the resource secured, it depend on your app. I prefer to use oauth2 in both cases. If resource is not secured, I use Client Credentials (http://tools.ietf.org/html/rfc6749#section-1.3.4), if it's secured I use Access Token (http://tools.ietf.org/html/rfc6749#section-1.4). It allows you to keep in the same tech, and easily change the things in the future, if it's needed. Based on my personal experience, I created module oauthifizer (https://github.com/vedi/oauthifizer). It's actually a wrapper around passport.js, which makes it more friendly in those particular cases.

2. You can have a look at this article: http://aleksandrov.ws/2013/09/12/restful-api-with-nodejs-plus-mongodb/. Again, you can consider to try restifizer (https://github.com/vedi/restifizer) - another module, which allows you to create RESTful services significant faster. And there is short example for it: https://github.com/vedi/restifizer-example

Hope it will help.