Our search application trusts every incoming request. However, sometimes restricting access might be the right way to go. It would be desirable if, for every incoming request, we could accept and identify requests from certain users. This can be achieved using authorization tokens (auth tokens). An auth token is a secret code/phrase sent in the header for the key, Authorization.

Authorization and auth tokens are deep and important topics. It would not be possible to cover the complexity of the subject in this section. Instead, we will build a simple server that will make use of auth tokens to accept or reject a request. Let us look at the source code.