Design Arch - REST API Authentication Setup on Heroku for iOS [Swiftoberfest]

Welcome to Project Almasato:

Baton Rouge I is the one of several challenges to build out public facing mobile REST services. In this challenge we'd like to build out an user authentication service that provides basic security layer for REST API:

• Authenticates user/password generate API key
• If authentication is successful returns API key to mobile app for accessing APIs
• If authentication failed return authorization error HTTP 401 code

Create authorization REST service with Node.js, Express and Passport frameworks that has the following characteristics:

• Version endpoint <heroku app base url>/aps/1.0/authorize
• method: PUT
• parameters: strings user id represented by email and passcode alphanumeric value
• return result APSKEY as API key or HTTP 401 error
• generate MD5 hash API key by concatination of user id and pascode and match the key against User existing key stored in server database

User email and psscode, MD5 hash will be created by system stored in DB. User will ge access by e-mail invitation to access API & app. No self-registration avaible. All mobile APIs for this project will use this method to get API key to call other REST services. This security layer cover all future API for this project. The example API code is provided as a resource can use it as starting point. Sample HTTP digest Passport code can also be downloaded from github

Final Submission Guidelines