Handling authentication through username and password is the most common way of securing a back-end API. This requires a front-end form to input and submit user credentials and a back-end API to validate and authorize a user session. Let's explore how to implement the back-end part of this relationship first, in Express.