Introduction

The rapid pace of change in the JavaScript ecosystem has fueled the evolution of backend services to embrace service-oriented architecture (SOA) as the means of providing resources for client web applications. These backend services commonly rely on Representational State Transfer (REST) APIs as the primary means of communication with a front-end application.

Using JSON to communicate via REST APIs also unlocks a new layer of compatibility for a full-stack JavaScript web application, such as one built on the MEAN stack. Because there is no need to serialize and deserialize between different object representations, API requests and responses can be manipulated using pure JavaScript. Express, in its minimalist spirit, doesn't offer a default approach for implementing a REST API. However, it has all the parts we need to easily build our own, using HTTP methods, middleware, and JSON. In this chapter, we will discuss how to harness these fundamental building blocks in Express to build our own modern REST API implementation.

Implementing a service such as a REST API is often accompanied by the need to control access to its resources, usually by enforcing user ownership or permissions in some way. Authentication and authorization are among the most important roles for a web server to provide, because ultimately the data security of the front-end application can easily be compromised. Only in our back-end services can we verify and validate user requests in a secure manner. Up until now, we've only worked on the periphery of the web server authorization lifecycle. In this chapter, we will finally close the loop by implementing a full user authentication and authorization system, including user login and session management.

By the end of this chapter, we will have all the parts needed to provide secure, robust REST API endpoints in our MEAN stack web application.
