I am using Express + NodeJS + Mongoose.js + PassportJS for my project. I created an API key for my client app in IOS, and every request is done by this apikey.
Sometimes I need user related data from the server. For example:
If I make a request to query venues, and see if the current user is already rated that venue.
To do this, I should send user id as a parameter to server to make a query related to current user.
As I see in Foursquare API, if the request user is authenticated, you can query user related data. If user is not authenticated, and only the app is authenticated, you cannot query user related data.
So, should I give every user an apikey? or Only 1 api key to one application that will use my API?
You have mentioned that you are using passportJs than why are you not using that for user authentication you have various options available to get user authenticated. what ever method you will choose depends on your requirement. To give you an idea to setup a basic authentication you can refer to this https://github.com/jaredhanson/passport-local/blob/master/examples/express3/app.js
From the example above you can verify if user is authenticated or not like this
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}
than you can use that method as route middle-ware to limit user access. I think the link I have attached gives you very good idea but if you still need any help let me know..
You need to have your users authenticate on Foursquare by redirecting them there first. You will only need one api key.
Consider using one of these libraries: https://github.com/Constantine-Fry/Foursquare-API-v2 https://github.com/baztokyo/foursquare-ios-api
or by doing yourself: https://developer.foursquare.com/overview/auth