Build an OAuth2-Protected API

basic Node.js
skills learned
  • apply best API design practices for communicating success and failures
  • protect API routes using JWT-formatted access tokens and authorization middleware
  • validate data sent to an API
Josh Cunningham
1 week · 6-8 hours per week · BEGINNER


Improve developer engagement in PrincipalStack, an online publication of software development content. As its sole software engineer, your task is to create an API to expose the posting functionality of the Node.js web application. You’ll build a simple CRUD (create, read, update, delete) API and protect it with JWT-formatted access tokens issued by the authorization server, while maintaining the association between the content managed by the API and the original user who created it. When you’re done, you’ll have provided an interface for all external contributors, enhancing their user experience.

This project is designed for learning purposes and is not a complete, production-ready application or solution.

project author

Josh Cunningham

Josh Cunningham is a staff product engineer at Okta (formerly Auth0) leading a team of engineers to help partners build identity solutions. Previously, he led the onboarding program for new engineers and built open-source SDKs to help customers connect their applications to Auth0 using OpenID Connect, OAuth2, and SAML. Josh has been teaching and writing about technology for over two decades in various leadership, design, and engineering roles.


This liveProject is for intermediate JavaScript developers with some experience building or maintaining a web application using Node.js. To begin these liveProjects you’ll need to be familiar with the following:

  • Basic JavaScript (declare variables, use loops and branches, object and array destructuring, debugging, error handling)
  • Basic Node.js (including npm and Express.js)
  • Basic command line/terminal proficiency
  • Intermediate in-browser development tool use, such as network call tracing (including URL parameters and request headers) and cookie management
  • Basic HTML, specifically forms
  • Basic npm to create a new JS project and manage packages


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products is also included, as well as references to other resources.
