NestJSframework~30 mins

Why authentication secures NestJS APIs - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Why authentication secures NestJS APIs

📖 Scenario: You are building a simple NestJS API for a book store. You want to make sure only logged-in users can access the list of books.

🎯 Goal: Build a NestJS API that uses authentication to protect the GET /books endpoint so only authenticated users can get the book list.

📋 What You'll Learn

Create a simple array of book objects as data

Add a configuration variable to simulate a user token

Use a guard to check the token for authentication

Protect the GET /books route with the authentication guard

💡 Why This Matters

🌍 Real World

APIs often need to protect sensitive data so only authorized users can access it. Authentication guards in NestJS help secure routes easily.

💼 Career

Understanding how to secure APIs with authentication is a key skill for backend developers working with NestJS or any server framework.

Progress0 / 4 steps

DATA SETUP: Create the books data array

Create a constant array called books with these exact objects: { id: 1, title: 'NestJS Basics' } and { id: 2, title: 'Advanced NestJS' }.

NestJS

# Create the books array with two book objects
# Your code here

Need a hint?

Use const books = [ ... ] with two objects inside.

CONFIGURATION: Add a token variable for authentication

Create a constant string called VALID_TOKEN and set it to 'secret-token' to simulate a valid user token.

NestJS

const books = [
  { id: 1, title: 'NestJS Basics' },
  { id: 2, title: 'Advanced NestJS' }
];

// Add the VALID_TOKEN constant below
# Your code here

Need a hint?

Use const VALID_TOKEN = 'secret-token';

CORE LOGIC: Create an authentication guard

Create a class called AuthGuard with a method canActivate(context) that returns true only if the request header authorization equals VALID_TOKEN. Use context.switchToHttp().getRequest() to get the request.

NestJS

const books = [
  { id: 1, title: 'NestJS Basics' },
  { id: 2, title: 'Advanced NestJS' }
];

const VALID_TOKEN = 'secret-token';

// Create AuthGuard class with canActivate method
# Your code here

Need a hint?

Use class AuthGuard with a canActivate(context) method that checks the authorization header.

COMPLETION: Protect the GET /books route with AuthGuard

Create a controller class called BooksController with a method getBooks() that returns books. Use a decorator @UseGuards(AuthGuard) on getBooks to protect it.

NestJS

const books = [
  { id: 1, title: 'NestJS Basics' },
  { id: 2, title: 'Advanced NestJS' }
];

const VALID_TOKEN = 'secret-token';

class AuthGuard {
  canActivate(context) {
    const request = context.switchToHttp().getRequest();
    return request.headers.authorization === VALID_TOKEN;
  }
}

// Create BooksController with getBooks method protected by @UseGuards(AuthGuard)
# Your code here

Need a hint?

Use @UseGuards(AuthGuard) above getBooks() method inside BooksController.