NestJS framework, ~5 mins

Why authentication secures NestJS APIs

Introduction

Authentication helps protect your NestJS APIs by making sure only the right people can use them. It stops strangers from accessing private data or actions.

When you want to keep user data safe from strangers.
When your API has actions only certain users should do, like editing or deleting.
When you want to track who is using your API and what they do.
When you want to give different access levels to different users.
When you want to prevent misuse or attacks on your API.
Syntax
NestJS
Use Guards and Strategies in NestJS to check user identity.

Example:
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';

@Injectable()
export class AuthGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    // Inspect the incoming request (token, session, credentials) here.
    // Returning true lets the request reach the handler; false rejects it with 403.
    return true;
  }
}

Guards run before your API code to check if the user is allowed.

Strategies define how to check user identity, like using JWT tokens.

Examples
This guard only checks that the request carries an Authorization header before allowing access; it does not verify what the header contains, so on its own it is not a complete authentication check.
NestJS
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';

@Injectable()
export class AuthGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    // Guards receive an execution context; switch to HTTP to reach the request.
    const request = context.switchToHttp().getRequest();
    // Presence check only: any non-empty Authorization header passes.
    return Boolean(request.headers.authorization);
  }
}
This strategy extracts a JWT token from the header and verifies it to identify the user.
NestJS
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';

// Define JWT strategy to extract and verify token
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      // Read the token from "Authorization: Bearer <token>"
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      // Signing secret comes from configuration; never hard-code a real secret
      secretOrKey: process.env.JWT_SECRET,
    });
  }

  // Called only after passport-jwt has verified the signature and expiry.
  // The returned object is attached to the request as request.user.
  validate(payload: any) {
    return { userId: payload.sub, username: payload.username };
  }
}
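To make concrete what the guard and the strategy above delegate to the framework, here is an added, framework-free example (not code from the page or from NestJS/passport-jwt) of the three steps: pull the token out of a Bearer header, verify an HS256 signature and expiry with Node's built-in crypto, and turn the result into a guard decision. The names parseBearer, signHs256, verifyHs256 and canActivate, the JwtClaims shape and the secret value are all assumptions made for this example; a real service would let passport-jwt do this work and read the secret from configuration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Hypothetical claim set used by this example (not from the page).
export interface JwtClaims {
  sub: string;
  username: string;
  exp: number; // expiry as seconds since the Unix epoch
}

// base64url (RFC 7515) helpers; JWTs use this encoding without padding.
function b64url(input: string): string {
  return Buffer.from(input).toString('base64url');
}
function fromB64url(s: string): Buffer {
  return Buffer.from(s, 'base64url');
}

// Step 1: what ExtractJwt.fromAuthHeaderAsBearerToken() does.
// Returns null unless the header is exactly "Bearer <token>" with a non-empty token,
// so "Basic ..." or a bare "Bearer" are rejected rather than passed along.
export function parseBearer(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authorization);
  return m ? m[1] : null;
}

// Mints an HS256 token. Used here only to construct sample input for the checks below.
export function signHs256(claims: JwtClaims, secret: string): string {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac('sha256', secret).update(`${header}.${body}`).digest('base64url');
  return `${header}.${body}.${sig}`;
}

// Step 2: what passport-jwt does with secretOrKey before validate() ever runs.
// Returns the claims on success, null on any failure (no partial trust).
export function verifyHs256(token: string, secret: string, nowSeconds: number): JwtClaims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;

  // Pin the algorithm: the verifier decides how to check, not the token's own header.
  let alg: unknown;
  try {
    alg = JSON.parse(fromB64url(header).toString('utf8')).alg;
  } catch (e) {
    return null;
  }
  if (alg !== 'HS256') return null;

  // Constant-time comparison of the expected and presented signatures.
  const expected = createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = fromB64url(sig);
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;

  // Only decode claims after the signature is known to be good.
  let claims: JwtClaims;
  try {
    claims = JSON.parse(fromB64url(body).toString('utf8'));
  } catch (e) {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}

// Step 3: the guard decision, mirroring canActivate(): true lets the request through.
export function canActivate(
  headers: Record<string, string | undefined>,
  secret: string,
  nowSeconds: number,
): boolean {
  const token = parseBearer(headers.authorization);
  if (!token) return false;
  return verifyHs256(token, secret, nowSeconds) !== null;
}
```

The rejection paths (no header, wrong scheme, wrong secret, tampered signature, expired token) are the cases worth asserting when you test a guard, because each one is a request that must be blocked rather than one that must succeed.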
Sample Program

This simple controller has one route protected by the AuthGuard. Only requests passing the guard can get the profile message.

NestJS
import { Controller, Get, UseGuards } from '@nestjs/common';
import { AuthGuard } from './auth.guard';

@Controller('profile')
export class ProfileController {
  @Get()
  @UseGuards(AuthGuard)
  getProfile() {
    return { message: 'This is a protected profile data.' };
  }
}
Important Notes

Always protect sensitive routes with authentication guards.

Use HTTPS to keep tokens safe during transfer.

Test your guards to make sure unauthorized users are blocked.

Summary

Authentication stops strangers from using your API.

NestJS uses guards and strategies to check user identity.

Protect routes by applying guards to keep data safe.