I am writing an app that will expose an API. The application allows people to create workspaces and add users to them. Each user will have a unique token. When they make an API
I think the following are the best solutions for generating API tokens
Speakeasy is more secure because this key is only available for a small time period (e.g., 30 seconds)
If you are using MongoDB, just use ObjectId; otherwise I recommend substack's hat module.
Generating an id is as simple as:
var hat = require('hat');
var id = hat();
console.log(id); // 1c24171393dc5de04ffcb21f1182ab28
How does this code make sure your token is unique? I believe you could have a collision of numbers with this code. I believe you need to have a sort of sequence number, like in this commit from socket.io.
Also, you could use npm projects, for example:
to ensure uniqueness.
Why not just use UUIDv4 if you are looking for something unique? If you are interested in some other type of hashing (as mentioned previously, hat is a good choice), you might look at speakeasy - https://github.com/markbao/speakeasy. It not only generates random keys, but it can also create time-based two-factor authentication keys if you ever really want to layer on additional security strength.
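An added example, not taken from any of the answers above: one way to issue per-user API tokens so that uniqueness is enforced rather than assumed, and so that only a hash of each token is kept server-side. It assumes Node's built-in crypto module; tokenStore, issueToken, lookupToken and revokeToken are hypothetical names, and the Map stands in for a database table with a unique index on the token hash.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory store standing in for a database table with a
// unique index on the token hash: hash (hex) -> { userId, workspaceId }
const tokenStore = new Map();

// Only the SHA-256 of the token is stored, so a leaked table does not
// contain usable tokens.
function hashToken(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest('hex');
}

// Issue a token for a user in a workspace. 32 bytes from the OS CSPRNG
// make a collision practically impossible; the loop still enforces
// uniqueness, the way a unique index would reject a duplicate insert.
// randomBytes is injectable only so the collision path can be tested.
function issueToken(userId, workspaceId, randomBytes = crypto.randomBytes) {
  for (let attempt = 0; attempt < 5; attempt++) {
    const token = randomBytes(32).toString('hex');
    const key = hashToken(token);
    if (!tokenStore.has(key)) {
      tokenStore.set(key, { userId, workspaceId });
      return token; // handed to the user once, never stored in clear
    }
  }
  throw new Error('could not generate a unique token');
}

// Resolve a presented token to its owner, or null if it is unknown
// or not in the expected 64-hex-character format.
function lookupToken(presented) {
  if (typeof presented !== 'string' || !/^[0-9a-f]{64}$/.test(presented)) {
    return null;
  }
  return tokenStore.get(hashToken(presented)) || null;
}

// Revoke a token; returns true if it existed.
function revokeToken(presented) {
  if (typeof presented !== 'string') return false;
  return tokenStore.delete(hashToken(presented));
}
```

Because the lookup is by hash, the presented token is never compared byte by byte against a stored secret, and revoking a token is a single delete.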