Now, we are ready to set up the user and configure Spring Security to protect our API.
Now we are ready to add users. We can do it two ways.
In this episode, we are adjusting the model.
Yesterday we updated the endpoints in the API and today I was going to implement it in RAML and let the generator we use to create the Spring MVC code. However, I had another problem with the generator again as it wasn’t generating the createTask method anymore because I put the boardId in the path. Besides that, the code started to get messy with no added benefit anymore.
Before we implement any security, let’s step back and add multiple kanban boards for a user.
Last time we started talking about security and I asked you how you would advise me as your client.
It is time for thinking about the securing our API. Right now, it is open to everyone, which we don’t want. So, what choices do we have?
When we return error messages, and along, we should not expose too much information. Same goes for normal data. More, especially detailed is not always better. It depends on the type of API and what the clients do with it and who the clients are.
Last time we talked about using proper HTTP status codes and also returning errors in a JSON format back to the client.
Let’s start talking about error handling in our API.