Async JS is hard to understand.
It’s hard enough to differentiate between synchronous and asynchronous code — they look the same when you’re starting out!
- Does having a callback mean code is asynchronous? (Hint: No!)
- How do you use promises?
- When should you use promises?
- How do you use async/await?
- When should you use async/await?
Once you get past these technical details, you will notice, very quickly, that one major purpose of Async JS is to interact with APIs.
When you interact with APIs, you can…
- Fetch data to display something
- Save data to a database
- Login with Facebook, Twitter, Google, and Github
- And many more
Once you learn how to use APIs, you can build almost any app you can imagine.
- Want a Todolist? Learn how to save data into a database and how to fetch it from the database!
- Want a Social Media Scheduler? Learn how to work with Twitter and Facebook APIs
But once you begin touching APIs, you will face a big problem — most APIs require authentication. So you suddenly have to learn a whole new language.
You need to understand OAuth and 3-legged authentication. There are lots of jargon thrown in your face like Authorization Code flow, PKCE, refresh token grant, access tokens, and many things you never expected you need to know.
You’re simply trying to get authenticated. Why can these APIs let you log in with a USERNAME and A PASSWORD?! Why do they have to make it so complicated?
I agree. Unfortunately, customer data is really important and it has to be protected. The world is also full of bad guys who want to steal data and do bad things with it. So we have no choice but to add layers of security to make sure everyone is safe.
OAuth is one such layer of security.
So if you want to use the APIs, you have to learn OAuth.
It is frustrating.
The good news is OAuth is easier than it sounds. It’s simply a process — like opening your door with a key. What you need to know is what this key looks like, so you can begin to use it yourself. (How? We’ll talk more about this in a bit).
Here’s the second problem — you need to become good at security.
Because customer data is so important, you need to know how to keep the data safe. Once you received an access token (which is sort of a password), the onus is on you, dear developer, to keep that data secure.
Suddenly you need to know how to protect yourself from Cross-Site Request Forgery (CSRF) attacks and Cross-Site Scripting (XSS) attacks.
It’s a heavy topic. Again, we’ll discuss this topic so don’t worry!
And yet there’s one final problem — CORS.
CORS feels like an invisible opaque wall that you can’t get across when you’re starting out. There really isn’t much information about what CORS is except it stands for “Cross-Origin Resource Sharing”.
When you try to access an API, you get this error message that doesn’t tell you what you’re supposed to do! (
no-cors mode doesn’t solve the error because it prevents you from getting data back. So what do you do?)
CORS is simpler than you imagine it to be. What CORS does is it lets servers decide whether it wants to accept a request from a browser. You get this error because most APIs don’t want to accept requests from browsers.
APIs that limit your access with CORS really just want to make sure the data is handled in a safe and secure way. If the API doesn’t allow browsers to access it, the only way you can get access is through a server.
This means you have to learn to build a server.
- Web security
There is a lot to take in.
You’re not at fault for feeling overwhelmed. Really.
There is a lot to take in.
How do you navigate this whirlpool of technologies that are thrown at you?
Simple — you learn what is required in an authentication process.
- How to create a server
- What are the kinds of OAuth methods
- How do you handle security while authenticating
- How do you handle security after you received the authentication
- How do you refresh an authentication when one expires?
There is a series of sequential steps you have to go through. Once you understand each step of the way, you will have no problem handling any sort of authentication — and with that, you will have no problems accessing any API. This means you can build anything with any API.
But who has the time and energy to sit down and understand these various technologies? It’s not fun. It’s not sexy. It’s not what you want to do — so most developers wing it. They use some library and pray (and hope) that the library works.
But they always live in fear. “What if the library doesn’t work?”.
Authentication is not hard at all!
People believe that authentication is hard because they are afraid of researching the process. There’s a huge weight in having to understand security since security is important.
I assure you — now that I’ve dug into the research and understand everything I needed to know — that authentication is simple (at least on the basic level to use any API you want).
You just have to follow a process — which is written over and over — a process that hasn’t changed for years.
You can learn this process.
For security, you just need to know how each of the security elements work (and why they are needed) instead of blindly following the advice of a security professional. Because if you don’t know what you’re doing, you’re going to be afraid — even if they said nothing will go wrong if you do follow them.
Why? Because security is a heavy responsibility — many things can go wrong if you mess up security — so it makes sense to have a grasp of how to handle it. Once you know how to handle it, you will be at peace with security.
It’s simple. Again, there are steps.
- From learning the absolute basics of Async JS
- How to use Async JS
- Creating the server
- Understanding OAuth
- Handling security (to a decent-enough level)
- To building something that uses a real-world API.
- What is async and what is NOT async
- Technologies you need to know and understand
- Syntaxes of each technology
- Gotchas you’ll face when using each technology
- Best practices (and how to make decisions regarding the practices you use)
We’ll also build things together which will teach you:
- How to get data from APIs
- How to authenticate with APIs
- How to renew your authentication before (or when) it expires
- How to check whether you are authenticated
- How to make requests that get the data you want
- How to deal with paginated requests
- How to combine your data to make something you want
- How to send subsequent requests (as necessary) to make your thing work.
And magic happens from that point onwards.
The course is structured into 7 chapters.
- Fundamental Concepts
- Understanding REST API
- Building a server (with Node and Express)
- Understanding OAuth (and security)
- Building a login application
- Building a social media scheduler
I’ve written the first 4 chapters of the course already. Right now I’m working on the last three chapters as we speak. Chapter 5 is almost done!
Preorders are open :)
Before you preorder, I’d like to give you a sample chapter.
Get a sample chapter
I’m happy to send you a sample chapter, so you can test out the course and decide whether you want to buy it. I’m doing this because I want you to have complete confidence in your purchase — no buyer regrets, no wasting of money or time.
If you’re interested, please fill in your name and email address and I’ll get back to you shortly regarding your access to the sample chapter.
I hope this course helps you master Async JS and conquer your imposter syndrome as a developer. Once you know how to use Async JS, you can build anything you want, and I can’t wait to see what you build with it.