Open

Restful API Authentication and Authorization

I'm looking for an experienced Node.js and [login to view URL] developer to design the authentication and role-based authorization for my RESTful API. Find below the specification for the authentication and authorization middlewares.

GROUPS

There will be groups for 37 States and a Management group for Super Admins. When logging in, a user will select his/her group. A user who is not a Super Admin cannot perform CRUD operations on another State's routes, except the R operation for public routes.

LOGIN AUTHENTICATION

User authentication will be token based using jsonwebtoken. The payload will carry the username, role, group, password. I'm not sure about the email. When logging in, the user will enter username, password, role and select their group (State or Management).

ROLES & PRIVILEGES

1. SUPER ADMIN ROLE (isSuperAdmin)

Super Admin can perform CRUD operations on the entire site and State groups. There will be an isSuperAdmin middleware to authorize the user to certain routes.

2. ADMINS ROLE (isAdmin & isAdminOrSuperAdmin)

The Admin can perform CRUD operations for their state group except for routes with isSuperAdmin privileges. For the D operation, I will provide a route that is a soft delete, which means whatever they delete will be subject to approval from the SuperAdmin.

3. COORDINATOR ROLE (isCoordinator & isAdminOrCoordinator)

The Coordinator can perform CRU operations for their state group except for routes with isAdmin privileges. For some U operations, the update will be subject to approval from the Admin. They will be able to update records for their state that do not have the isAdmin authorization.

4. SUPERVISOR ROLE (isSupervisor)

The Supervisor can perform CRU operations for their state group except for routes with isAdmin or isCoordinator privileges. For some C operations, the update will be subject to approval from the Admin. They will be able to create records for the route with the isSupervisor middleware. Supervisors operate at local government level.

5. TASKFORCE ROLE (isTaskforce)

The taskforce can perform CRU operations for designated routes. There will be an isTaskforce middleware to check the authorization.

6. REPORTER ROLE (isReporter)

The reporter can perform CRU operations for designated routes. There will be an isReporter middleware to check the authorization.

7. OFFICER ROLE (isOfficer)

The officer can perform CRU operations for designated routes. There will be an isOfficer middleware to check the authorization.

8. MANAGER ROLE (isManager)

The manager can perform CRU operations for designated routes. There will be an isManager middleware to check the authorization.

9. FACILITATOR ROLE (isFacilitator)

The facilitator can perform RU operations for designated routes. There will be an isFacilitator middleware to check the authorization.

10. VOLUNTEER ROLE (isVolunteer)

The volunteer can perform CRUD operations on their own record. There will be an isVolunteer middleware to check the authorization.

11. USER ROLE (isUser)

The isUser middleware will check whether a logged-in member has the user role. The middleware will be used in some routes to allow the R operation for users.

12. SUPERADMIN OR ADMIN MIDDLEWARE (isAdminOrSuperAdmin)

The isAdminOrSuperAdmin middleware will check whether a user has the super admin or admin role. The middleware will be used in some routes to allow CRUD operations for both Admins and SuperAdmins.

13. COORDINATOR OR ADMIN MIDDLEWARE (isAdminOrCoordinator)

The isAdminOrCoordinator middleware will check whether a user has the admin or coordinator role.

14. AUTHOR MIDDLEWARE (isAuthor)

The isAuthor middleware will check that the user owns the content they want to update or delete.

15. STATES AUTHENTICATION (belongToState)

I am wondering whether there should be a belongToState middleware that authenticates whether a user belongs to a particular state, with the exception of the Super Admin, so as to limit users from performing CRUD operations on states they do not belong to.

Skills: node.js, Express JS, JavaScript, PostgreSQL, API
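
The role and state checks described in the posting, sketched as Express-style middleware; this is an added example, not code from the posting or its author. It assumes an earlier middleware has verified the JWT and set `req.user` to `{ username, role, group }`; the role strings, the `requireRole` and `simulate` helpers, the `:state` route parameter and the sample users are assumptions.

```javascript
// Added example, not from the posting. Assumes an earlier middleware verified
// the JWT and set req.user = { username, role, group } from its claims.
// Role strings and the group name 'Management' are assumed spellings.

// Factory for role checks: 401 without a verified user, 403 for a wrong role.
function requireRole(...allowed) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'not authenticated' });
    if (!allowed.includes(req.user.role)) {
      return res.status(403).json({ error: 'role not permitted' });
    }
    return next();
  };
}

const isSuperAdmin = requireRole('superadmin');
const isAdminOrSuperAdmin = requireRole('admin', 'superadmin');
const isAdminOrCoordinator = requireRole('admin', 'coordinator');

// State check: compares the :state route parameter with the group claim from
// the token, never with a value from the request body. Super Admins pass.
function belongToState(req, res, next) {
  const user = req.user;
  if (!user) return res.status(401).json({ error: 'not authenticated' });
  if (user.role === 'superadmin' && user.group === 'Management') return next();
  const state = req.params && req.params.state;
  if (typeof state === 'string' && typeof user.group === 'string' &&
      state.toLowerCase() === user.group.toLowerCase()) {
    return next();
  }
  return res.status(403).json({ error: 'outside your state group' });
}

// Runs a middleware chain against a mock request and returns the HTTP status
// (200 when every middleware called next()).
function simulate(chain, req) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return status;
}

// Constructed sample user and route chain.
const lagosAdmin = { username: 'a1', role: 'admin', group: 'Lagos' };
const stateRoute = [isAdminOrSuperAdmin, belongToState];
console.log(simulate(stateRoute, { user: lagosAdmin, params: { state: 'lagos' } })); // 200
console.log(simulate(stateRoute, { user: lagosAdmin, params: { state: 'kano' } }));  // 403
```

The token claims used here leave the password out: a JWT payload is only base64url-encoded, so anyone holding the token can read it.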


About the Employer:
( 0 reviews ) Yaba, Nigeria

Project ID: #25659777

9 freelancers are bidding on average $211 for this job

sodiqa32

Hello, I am pleased with your job as detailed. Thank you for the job posting. It’s a pleasure to meet you. I’d really like to work with you on this one if possible! I do have a couple of questions, but first I’d like …

$30 USD in 1 day
(8 Reviews)
3.9
olyapotapenkode

Hello, I have many experiences in Node + Express + Sequelize + Auth. I can implement your needs asap. I am very interested in your job and have some examples. This is my sample url: [login to view URL] (node …

$250 USD in 7 days
(2 Reviews)
3.0
rajatsehgal8

Hello, hope you are doing well. I'm a Node.js developer with more than three years' experience. After reading your description, I'm interested in this project. I have my own framework that handles role based authentica …

$400 USD in 3 days
(3 Reviews)
1.8
techpriyanka68

Hi, I have 6+ years of experience as Software Engineer and worked on many API projects including JWT authentication and authorization. Please share the details so that I can start the work and deliver this on time.

$167 USD in 2 days
(1 Review)
1.0
aduraolutunmida

Dear Respected Recruiter, I read with interest your posting for a fullstack web developer. I believe I possess the necessary skills and experience you are seeking for the job. Aside having 9 years experience building …

$200 USD in 7 days
(0 Reviews)
0.0
GauravSakhuja

Hi, I have done various web API projects using various authentication and authorisation schemes like OAuth, role based, permissions based etc. Looking forward to hearing from you. Thanks, Gaurav

$278 USD in 5 days
(0 Reviews)
0.0
chinmayacharya19

This looks like an IAM project (like AWS IAM, for example). I have already done a few for a couple of clients recently, and I may even add my own two cents if you come and speak with me. I am a backend developer with 3 years …

$200 USD in 7 days
(0 Reviews)
0.0
riturajborpujari

Greetings, Thank you for your elaborate description of the requirements. You need - User Management system (for signup, sign in, group selection/ approval) - Role Based Access Control system (for authorizing your API …

$200 USD in 5 days
(0 Reviews)
0.0
sameerbairwa07

Hi, I have gone through your project description. I have done many projects related to your project description. I have good experience in authentication and authorization in Node.js. My expertise: Node.js, Express.js, MongoDB a …

$170 USD in 7 days
(0 Reviews)
0.0