The Value Crew

Category: Uncategorized

BACK TO BLOG

How to Create an Instagram Account for Your Business in 2023

Adit Malakar
June 27, 2023
5 minutes min read
In today's digital age, social media has become an essential tool for businesses to connect with their target audience and promote their products or services. One platform that has gained tremendous popularity among businesses is Instagram. With over a billion active users, Instagram offers a great opportunity to showcase your brand and engage with potential customers. If you're looking to create an Instagram account for your business, this step-by-step guide will help you get started and optimize your presence on the platform.

In today’s digital age, social media platforms like Instagram have become invaluable tools for businesses to connect with their target audience, build brand awareness, and drive sales. With its visual nature and massive user base, Instagram provides a perfect platform for businesses to showcase their products or services. If you’re looking to create an Instagram account for your business but aren’t sure where to start, this guide will take you through the essential steps to get you up and running.

Step 1: Define Your Instagram Strategy

Before creating an Instagram account, it’s crucial to define your goals and target audience. Determine what you want to achieve with your Instagram presence, whether it’s increasing brand awareness, driving website traffic, generating leads, or boosting sales. Knowing your target audience will help tailor your content and messaging to resonate with them effectively.

Step 2: Download the Instagram App and Sign Up

Instagram is primarily a mobile platform, so the first step is to download the Instagram app from the App Store (iOS) or Google Play Store (Android). Once downloaded, open the app and tap “Create a new account” and then sign up with with either phone number or email.

Step 3: Choose a Username

Choosing the right username is crucial as it represents your business on Instagram. Ideally, your username should be your business name or something closely related to it. Ensure that it is easy to remember, spell, and reflects your brand’s identity.

Step 4: Choose a Profile Picture

Your profile picture should be recognizable and visually appealing. It’s recommended to use your business logo as the profile picture, as it helps in brand recognition. Make sure the logo is clear, well cropped, and stands out even in a small thumbnail size.

Step 5: Optimize Your Profile

Your Instagram profile serves as your business’s virtual storefront, so it’s essential to optimize it for maximum impact. Write a compelling bio that clearly describes what your business offers and includes relevant keywords. You can also include a link to your website or a specific landing page to drive traffic. Additionally, make sure your contact information, such as email address and phone number, is up-to-date.

Step 6: Switch to Business Profile

Instagram offers a dedicated business profile option, which provides access to additional features and analytics. To switch to a business profile, go to your profile settings and select the “Switch to Business Profile” option. This will allow you to access insights about your followers, track post performance, and create Instagram ads.

Choose your Business Type

and connect your Facebook Page if you have one

Step 7: Craft Captivating Content

Creating visually appealing and engaging content is crucial for success on Instagram. Use high-quality images or videos that align with your brand’s aesthetics and values. Experiment with different types of content, such as product photos, behind-the-scenes shots, user-generated content, and educational posts. Keep your captions concise, informative, and infused with your brand’s voice.

Step 8: Track Your Performance

To measure the success of your Instagram efforts, it’s important to track your performance. Instagram Insights, available with a business profile, provides valuable data about your audience demographics, post reach, engagement metrics, and more. Analyze this data regularly to understand what type of content resonates best with your audience and make adjustments to your strategy accordingly.

Conclusion

Creating an Instagram account for your business is an excellent way to reach and engage with your target audience. By following the steps outlined in this guide, you can establish a strong presence on Instagram, showcase your brand, and connect with potential customers. Remember to define your strategy, optimize your profile, create compelling content, engage with your audience, and track your performance. With dedication and consistency, your Instagram account can become a powerful tool for promoting your business and driving growth.

BACK TO BLOG

A guide on how to perfectly setup your Facebook page in 2023.

Adit Malakar
June 19, 2023
4 minutes min read
Facebook continues to be a dominant force in the realm of social media, with billions of active users worldwide. Whether you’re an individual looking to build a personal brand or a business aiming to expand your online presence, setting up a well-optimized and engaging Facebook page is crucial. In this blog post, we will guide […]

Facebook continues to be a dominant force in the realm of social media, with billions of active users worldwide. Whether you’re an individual looking to build a personal brand or a business aiming to expand your online presence, setting up a well-optimized and engaging Facebook page is crucial. In this blog post, we will guide you through the essential steps to create a perfectly set up Facebook page.

Step 1: Start with the basics

To create a Facebook Business Page, log in with your personal Facebook account and go to  https://www.facebook.com/pages/creation/

Step 2: Create a Compelling Page Name and Username

Choose a page name and category that accurately represents your brand, organization, or personal identity. Keep it concise, memorable, and easy to spell. Additionally, consider creating a unique username (vanity URL) that reflects your brand and makes it easier for users to find and remember your page. After you’ve decided your initials, press create page.

Step 3: Complete your Facebook Business Page info

Follow the prompts to enter more details, like your business hours, website, phone number, and all that good stuff.

All these fields are optional, so if you don’t want to advertise your phone number or address, leave those blank.

Step 4: Add profile and cover photos

Your cover photo is the first visual element visitors see on your Facebook page. Choose an eye-catching image that conveys your brand identity or showcases your products/services. Leverage the cover photo space to captivate and engage your audience.

Your profile picture should include your logo. Get creative make it unique to stand out

Your cover photo can be something general about your business, or change it up to match current promotions or events.

Social media image sizes occasionally change, but here’s what you need for 2023:

Step 5: Add an action button

Then choose what you want to promote: Link to a website or app, get people to contact you, or connect a specific action, like buying food or ordering an delivery.

Step 6: Create a post

To keep your Facebook page engaging, consistently create and share valuable content. Share updates, articles, videos, photos, or other relevant media that align with your brand and resonate with your target audience. Encourage discussions, respond to comments, and utilize Facebook’s scheduling feature for consistent posting. People won’t start discovering your Facebook Page, or have a reason to follow it, until you post some great content.

Conclusion

Creating and optimizing a Facebook Business Page is a vital step in building your online presence and connecting with your target audience. By following the steps outlined in this guide, you can set up a professional and engaging page that represents your brand effectively. Continuously monitor your page’s performance using Facebook Page Insights and adapt your strategy accordingly. With a well-optimized Facebook Business Page, you can leverage the platform’s vast reach to grow your business and engage authentically with your audience.

BACK TO BLOG

The Power of Google Business Profile: An Indispensable Tool for Your Business in 2023

Adit Malakar
May 23, 2023
5 minutes min read
In the increasingly digital era of 2023, the need for businesses to maintain an influential online presence is more important than ever. Central to this digital transformation is the utilization of Google Business Profile, a tool that offers immense value to businesses across the globe. This blog will explore what Google Business Profile is, why it holds such critical importance for businesses today, and the myriad of benefits it provides.

Google Business Profile is a crucial tool for businesses in 2023. It enhances online visibility, builds trust and credibility, and enables engagement with potential customers. With its local search dominance and mobile-friendly experience, businesses can attract local customers and provide a seamless user experience. The benefits include valuable insights, showcasing products and services, and gaining a competitive advantage in the market. Investing in optimizing your Google Business Profile can lead to significant growth and success for your business.

Introduction

In the increasingly digital era of 2023, the need for businesses to maintain an influential online presence is more important than ever. Central to this digital transformation is the utilization of Google Business Profile, a tool that offers immense value to businesses across the globe. This blog will explore what Google Business Profile is, why it holds such critical importance for businesses today, and the myriad of benefits it provides.

What is Google Business Profile?

Google Business Profile, formerly known as Google My Business, is a free and customizable tool that helps businesses manage their online presence across the Google platform, including Google Search and Google Maps.

In essence, it allows you to control the information that appears about your business on Google. This includes business hours, contact information, location, website link, and customer reviews. Additionally, businesses can share posts about updates, offers, events, and product or service descriptions directly on their profile, providing a comprehensive snapshot of their operation to potential customers.

Why is Google Business Profile Important for Your Business?

As Google is the world’s most widely used search engine, having a presence on this platform is paramount for your business’ visibility. With over 90% of the global search engine market share, Google is the primary avenue by which potential customers will find information about your business.

Beyond visibility, Google Business Profile bolsters your business’s credibility. An up-to-date, active profile provides a professional image, instilling trust in potential customers. Moreover, having positive customer reviews displayed prominently on your Google Business Profile helps to further enhance your reputation and build trust.

In a landscape where customers expect immediate answers and swift interaction, Google Business Profile provides a channel for real-time engagement. Responding promptly to reviews and queries creates a rapport with customers and demonstrates a commitment to customer satisfaction.

Benefits of Google Business Profile

Embracing Google Business Profile brings numerous benefits to your business:

Enhanced Visibility: Google Business Profile helps increase your business’s online visibility. A well-optimized profile can boost your ranking in local search results, making it easier for potential customers to find you.

Improved Engagement: This tool offers an efficient platform for direct customer engagement. You can interact with customers through reviews and questions, thus fostering strong customer relationships.

Valuable Insights: Google Business Profile provides crucial insights into how customers are interacting with your profile. This includes information about how customers found your business, which photos get the most attention, and how many people called your business through the phone number listed on your profile. These insights can guide data-driven decision-making to enhance your business’s performance.

Free Advertising: Essentially, Google Business Profile acts as a form of free advertising. It puts your business information directly in front of customers actively searching for your products or services.

Showcase Products and Services: Google Business Profile allows you to highlight your offerings directly on your profile, providing potential customers with a preview of what they can expect from your business.

Conclusion

As the business landscape continues to evolve in the digital era of 2023, Google Business Profile has emerged as an indispensable tool for businesses of all sizes. By enhancing visibility, promoting engagement, offering valuable customer insights, and providing a platform to showcase offerings, Google Business Profile is pivotal to building a strong online presence.

Ultimately, Google Business Profile isn’t just a tool – it’s a strategic asset that can propel your business towards growth and success in the digital age. No matter your business type or size, embracing Google Business Profile is an investment in your digital future, positioning your business favorably in the competitive market landscape.

BACK TO BLOG

Unpacking Google I/O 2023: Comprehensive Insights into AI, Mobile, Web, and Cloud Development

Adit Malakar
May 19, 2023
8 minutes min read
Google's I/O 2023 event unfolded amidst an atmosphere of heightened anticipation, unraveling a plethora of groundbreaking announcements that are set to redefine the development landscape. As the tech giant continues to deepen its investments in AI, mobile, web, and cloud, let's take a closer look at some of the key revelations and their implications.

Google I/O 2023 presented groundbreaking innovations in AI, mobile, web, and cloud technologies, demonstrating Google’s commitment to democratizing AI and enhancing developer resources. It included the introduction of generative AI tools like PaLM API, advancements in Android development, support for Kotlin and Dart in WebAssembly for improved web performance, and AI-boosted cloud capabilities.

The annual Google I/O is always an exciting time for tech enthusiasts and developers alike. Google’s I/O 2023, in particular, has been a treasure trove of announcements that are set to shape the future of AI, mobile, web, and cloud technologies. Let’s dive deeper into these key developments.

1. Democratizing AI: Making Generative AI Accessible to All

In a move that has been much lauded, Google I/O 2023 demonstrated a strong commitment to democratizing AI. This decision was about more than just making AI more widely accessible—it was about equipping developers to create AI-powered applications responsibly.

PaLM API and MakerSuite: Facilitating Generative AI Development

The unveiling of the PaLM API and MakerSuite was a notable milestone. These tools enable developers to rapidly construct applications that leverage Google’s advanced large language model. This provides a pathway for developers to engage with machine learning without the barrier of extensive coding or AI expertise. The hope is that this will encourage more diverse engagement with generative AI and spur creative new applications.

Firebase Integration with PaLM API: Expanding the AI Conversation

Firebase’s new integration with the PaLM API further amplifies the potential of generative AI. The introduction of a chat interface allows for ongoing dialogue and text summarization, adding a new level of sophistication and versatility to Firebase’s offerings. This is a significant enhancement for developers creating chatbots or other applications that require advanced conversational capabilities.

MediaPipe Studio: Encouraging On-Device Machine Learning

Google also launched MediaPipe Studio and its open-source cross-platform framework. The goal of this tool is to empower developers to create machine learning solutions that can run across a range of devices. This approach supports on-device processing, which can deliver benefits in terms of responsiveness, data privacy, and accessibility.

2. Embracing the Future of Android Development

I/O 2023 also saw Google making significant strides in mobile development. With a host of new tools and devices announced, Google is arming developers with the resources they need to push the boundaries of what’s possible in mobile application development.

Studio Bot: An AI Assistant for Android Developers

The Studio Bot, an AI-powered assistant in Android Studio, is designed to streamline the development process. By assisting with code writing, debugging, and providing answers to development-related questions, it serves as an invaluable tool that can enhance productivity and reduce bottlenecks.

Pixel Fold and Pixel Tablet Announcements

As anticipated, Google showed off its first foldable at I/O this year. The Pixel Fold’s got a refreshingly normal-looking 5.8″ screen on the outside and a 7.6″ display (with some pretty substantial bezels) on the inside. It’s running on a Tensor G2 chipset paired with 12 gigs of RAM, and it’s impressively IPX8 rated for water resistance.

Wear OS Growth: Fostering a New Generation of Wearable Tech

The realm of wearable tech also saw significant announcements, with Google launching a new Watch Face Format in partnership with Samsung. This update, combined with the substantial growth in active Wear OS devices since the launch of Wear OS 3, suggests a bright future for wearable tech development.

3. Powering the Future Web: Improvements for a More Efficient, AI-Ready Web

Google’s vision for a more powerful, AI-ready web was crystal clear in its web-focused announcements.

WebAssembly (WASM) Extends Support: Enhancing Web Performance

The support for Kotlin and Dart in WebAssembly (WASM) was a significant update. This move offers Android and Flutter developers the opportunity to leverage native web performance, facilitating a smoother and more efficient user experience.

Launch of the WebGPU API: Harnessing GPU Hardware Power

The unveiling of the WebGPU API marked another key development for the web. This tool brings GPU hardware power to the web, enabling developers to create privacy-preserving AI features. With on-device computing power, this feature can save money, boost speed, and make the web more AI-ready.

Chrome DevTools: Nurturing the Growth of Web Frameworks

Google’s commitment to nurturing web frameworks was evident in the improvements to Chrome DevTools, which now offer better debugging for various frameworks. Furthermore, Firebase Hosting now extends experimental support to Nuxt, Flutter, and other frameworks, reinforcing Google’s support for the evolving web development ecosystem.

4. Cloud Innovations: Enhancing Enterprise-Ready AI Applications

Finally, I/O 2023 revealed significant strides in cloud capabilities aimed at helping developers create enterprise-ready applications.

Duet AI: A New Companion for Developers

One of the key cloud additions is Duet AI, an interface that functions as an expert pair programmer. It offers support within Cloud Workstations, Cloud Console, and Chat, providing a helping hand to developers when they need it the most.

Vertex AI and Imagen 2 Integration: Customizing and Deploying Foundation Models

Vertex AI takes center stage in the cloud offerings, allowing developers to fine-tune, customize, and deploy foundation models with ease. Integration with Google’s text-to-image foundation model, Imagen 2, adds another level of sophistication.

Text Embeddings API: Empowering Sophisticated Application Creation

The new Text Embeddings API enables developers to create recommendation engines, classifiers, question-answering systems, and other sophisticated applications based on semantic understanding of text or images.

Conclusion: The Future is Now

Google I/O 2023 was a watershed moment for technological advancements. From AI to mobile, web, and cloud technologies, Google has pushed the boundaries of what’s possible. As developers begin to harness these new tools and technologies, we eagerly anticipate the innovative applications they will bring to life.

With more developer events and interactions on the horizon, Google’s commitment to a future enriched and simplified by technology is clear. We’re already looking forward to Google I/O 2024. For now, though, the stage is set for developers to create, innovate, and shape the future of tech.

BACK TO BLOG

Continuous deployment with GitHub Action

Bibhuti Poudyal
August 2, 2021
3 minutes min read
This article demonstrates a straightforward approach to Continuous deployment using GitHub Actions. It will work for every type of backend & frontend i.e. Nodejs, Ruby, Python, PHP, Vue, React, Angular etc. The approach is simple, free of cost & more importantly it can be used on production. It’s an intermediate level article; for those who […]

This article demonstrates a straightforward approach to Continuous deployment using GitHub Actions. It will work for every type of backend & frontend i.e. Nodejs, Ruby, Python, PHP, Vue, React, Angular etc. The approach is simple, free of cost & more importantly it can be used on production.

It’s an intermediate level article; for those who are manually deploying application to server but struggling to automate it. Also, basic knowledge of GitHub Actions is expected.

These are two major steps

  1. Deployment using SSH & GitHub
  2. Automate step 1

Deployment using SSH & GitHub

This is the normal deployment strategy i.e. how you deploy applications manually via SSH & git.

  1. Connect to server via SSH
  2. Create SSH Key
  3. Add public key to GitHub’s deployment keys
  4. Clone Repo to server
  5. Setup project
  6. Run project

At this point, the project should run smoothly. Next step is to automate the same process via GitHub Action.

Automate Step 1

1. Configure necessary values

Go to GitHub Repo ⇒ Settings ⇒ Secrets

Create 3 New repository secrets

  • SSH_PRIVATE_KEY_DEV : SSH private key from server
  • HOST_DEV : Hostname of server
  • USERNAME : server username

eg: if you use ssh [email protected] to access server. root is USERNAME and xx.xx.xx is HOST_DEV.

2. Create YML file

Inside project directory create a yml file deploy.yml at

Project Directory → .github → workflows → deploy.yml

deploy.yml file contains deployment script

Example 1: Auto deploy Vue/React projects into server

Example 2: Auto Deploy pm2 based Nodejs application to server & restart pm2

Push the changes to GitHub on dev or some other specified branch. Head over to GitHub ⇒ Your repository ⇒ Actions Tab.

There you will see the workflow your recently executed workflow-run. In case of success/failure it will show respective logs. Again, try some changes and push it to GitHub. It will update automatically.

As you have noticed, the yml script uses appleboy/ssh-action@master to make the task easier. Its a bit slower though. If you want faster alternative, same task can be done manually. Here’s a nice article about it.

https://blog.benoitblanchon.fr/github-action-run-ssh-commands/

Another thing to ponder over is GitHub action pricing. Free plan come with some limitations. You can find more details here.

Hence, this approach does exactly the same thing as you did on Step 1 or the stuffs you used to do manually. It access the server via SSH. Credentials: username, host & SSH private key are provided earlier on

GitHub → Settings → Secrets

Then it executes specified command to build project & restart server/process manager if needed.

BACK TO BLOG

Instagram Basic Display API integration with NodeJS

Bibhuti Poudyal
July 30, 2021
5 minutes min read
This article will demonstrate how Instagram can be integrated with your system. Specifically, it explores a mechanism to show users’ Instagram posts on your app/website. At time of writing this article, instafeed.js provides similar functionality. However, it depends on Heroku’s free service to refresh tokens. After Heroku updated its pricing policy, it kind of became expensive. This approach […]

This article will demonstrate how Instagram can be integrated with your system. Specifically, it explores a mechanism to show users’ Instagram posts on your app/website.

At time of writing this article, instafeed.js provides similar functionality. However, it depends on Heroku’s free service to refresh tokens. After Heroku updated its pricing policy, it kind of became expensive. This approach serves as self-hosted alternative.

Before going further, please head over to Facebook Developers page and go through the overview. It will be easier to grasp concepts further.

Overall process boils down to 4 steps

  1. Create a Facebook app
  2. Get access tokens
  3. Setup token refresh service
  4. Fetch Data

1. Create a Facebook App

Follow step 1 to 3 from this link.

https://developers.facebook.com/docs/instagram-basic-display-api/getting-started

2. Get Access Tokens

Proceeding further requires app specific keys & secrets which can be found here.

App ⇒ Dashboard ⇒ My products ⇒ Instagram Basic Display ⇒ Settings

App ID is required on frontend only; backend requires both ID & secret. Since App secret can’t be shown to users, it’s kept as an environment variable on server.

App ID, secret & Redirect URIs

Also add your frontend application’s URL to Valid OAuth Redirect URIs. localhost with https will work. More better, hosting static app on GitHub pages will do.

Frontend

Use this piece of code on static frontend site to get Short-lived access token. Short-lived access tokens are valid for 1 hour, but can be exchanged for long-lived tokens(will do later on server side).

Since our goal is to fetch user related info & their Instagram photos, scopes are set to user_profile & user_media.

It will open authorization window on a new tab. After being authorized it will redirect to /insta page(as configured on above code) with a query parameter containing code. That code will be used to fetch short lived access token on backend.

Next, the code & redirect URI are sent to server for further processing.

Backend

It’s assumed that backend has an endpoint for receiving code & redirect URI via any HTTP method.

Now, the next step is to get Short-Lived-Access-Token. The code is self-explanatory.

JSON based POST won’t work. So form based request is sent via request.

After Short-Lived-Access-Token is obtained, it needs to be exchanged with Long-Lived-Access-Token.

As mentioned earlier, short-lived token has 1 hour validity. Similarly long-lived token has 60 days validity. i.e. the token just stored on DB needs to be refreshed before it expires.

3. Setup Token Refresh Service

To refresh token every 60 days, a cron job seems suitable. node-cron will serve best for this purpose.

Inside instaRefresh.cron file, it gets old token from DB and replaces it with new one.

Hence, this cron job will automatically refresh access tokens.

4. Fetch data

Finally, its time to fetch data from Instagram. We will be making use of the accessToken stored on DB. To learn more on what kinds of data can be fetched, visit this page.

Access tokens are app-scoped (unique to the app and user pair)

Here, we will be fetching media uploaded by user. Then Filter it and obtain images only.

Platform Rate Limits

Instagram API has limit on number of API calls. More details can be found here .

One way around this issue is to cache API responses. For this particular scenario, the image URLs can be saved to database every, lets say, every 3 hours; using cron-jobs.

Instead of calling Instagram API directly, images can be served from DB; as a cache. However, this particular case may not be feasible for every use case.

I hope this guide will help to integrate Instagram Basic API on NodeJS based application. If you have more robust alternative, please mention on the comments below.

Thanks for reading 🙂

References

https://github.com/stevenschobert/instafeed.js/wiki/Facebook-app-and-test-user-setup

https://developers.facebook.com/docs/instagram-basic-display-api

BACK TO BLOG

Infinite pagination with ElasticSearch

Bibhuti Poudyal
December 28, 2020
1 minute min read
Elastic Search always returns top 10 results by default. To get large volume of results, we need to user Search API. The Search API provides from and size parameters that can be used to retrieve predefined amount of data. But using from and size should be avoided to request very large volume at once. Reason: Search request works with […]

Elastic Search always returns top 10 results by default. To get large volume of results, we need to user Search API.

The Search API provides from and size parameters that can be used to retrieve predefined amount of data. But using from and size should be avoided to request very large volume at once. Reason: Search request works with multiple shards storing its requested hits into memory which leads into high memory + CPU usage.

Moreover Elastic Search has set the maximum limit of 10,000 hits to paginate using size and from parameters. It’s actually a safeguard mechanism of ES. More info can be found on ES-docs.

A scenario can exist where we need to paginate through ES and retrieve very large set of data. In such case search_after parameter can be used.

The code below shows retrieving data infinitely via elastic search JavaScript API

This approach requests for data until there is none left. This seems to be the most easier way to get all the data chunks by chunks. The most important thing to consider here is: Make sure you know how much data you are paginating through.

BACK TO BLOG

Dead Simple Authorization Technique Based on HTTP Verbs

Bibhuti Poudyal
October 13, 2020
4 minutes min read
Authorization is a basic feature of modern web applications. It’s a mechanism of specifying access rights or privileges to resources according to user roles. In case of CMS like applications, it needs to be equipped with advanced libraries and authorization techniques. But for minimal applications a full fledged library can be an overhead. I will […]

Authorization is a basic feature of modern web applications. It’s a mechanism of specifying access rights or privileges to resources according to user roles. In case of CMS like applications, it needs to be equipped with advanced libraries and authorization techniques. But for minimal applications a full fledged library can be an overhead.

I will discuss a dead simple authorization technique based on HTTP verbs, for this particular purpose.

Things to consider beforehand

This technique isn’t something you can implement anywhere. Use this only if your requirements match the particular scenario.

  • It works only for REST APIs. Everything happens on middleware layer. If you have a simple MVC based REST APIs, this is for you.
  • It heavily relies on the HTTP verbs and the URL naming convention. So API endpoints should be super clear and structured. Similar to some structure like this one.

List Products  : GET    /products
Product Detail : GET    /products/{id}
Create Product : POST   /products
Update Product : PUT    /products/{id}
Delete Product : DELETE /products/{id}

  • A URL can perform many stuffs; but all cannot be expressed just in its naming and HTTP verb. If you require complex authorization, you can’t just rely on this technique.

Lets implement the dead simple authorization technique based on HTTP verbs. For demo purpose we will be using Nodejs. You can implement it on any language and platform of your choice: core Nodejs, ExpressJS, aws Lambda etc..

Step 1: Encode user role into JWT Token

JWT token is the key thing here. It contains the user role encoded in it. The token is returned when user logs in.

const jwt = require(‘jsonwebtoken’);
const token = jwt.sign({
 …
 role: userData.role 
}, JWT_KEY);

On the next API call, the token is passed as the value of Authorization header field.

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdW...

Step 2: Decode token and check permissions

When request is sent to the web server with JWT token attached on header, it goes through a middleware layer. Inside the layer the token is extracted, decoded. To check for permission we require two information.

  • User role: decoded from token
  • Resource name: identified from request URL

The mechanism of retrieving HTTP verb and resource name may differ according to the language or framework being used. Above code is only for demonstration purpose.

The permissions for resources according to user roles are stored in the following manner. Each of the roles have access to certain resources. Within resources they can perform certain actions determined by HTTP verbs.

The method below returns whether the user is allowed to access the resource or not.

Based on the result, the API request can be forwarded to the next middleware layer/controller or the request can be denied with error response.

The approach may work only for certain use cases(as mentioned above). If you have the same scenario, instead of relying on heavy libraries you can implement the technique fast and easy.

What do you think about this technique ? Do you have some other better approach ? Please share it on the comments below.