Is there a middleware to handle authentication for REST API?


I am building a simple REST API for an application, and I wonder if there is ready-to-use middleware to handle user authentication. This application is internal and will only be used by developers, but I want to approach security with due diligence. List of the requirements:

  • Nothing fancy, minimalism is preferred. The number of users for the REST API will vary between 0 and 1. To paraphrase Joe Armstrong, I only need a banana, not the entire jungle.
  • Support for HTTP basic auth, JWT is a bonus
  • Prevention of brute-force attacks
  • It can use Mnesia as a storage backend (I don’t want my service to depend on an external database for such a low-volume data)
  • Ideally I would prefer to use cowboy web server, but I am open to other lightweight alternatives if they do the job.

I did a brief search on hex/github and didn’t find anything of that nature, but I want to double-check if I missed something before “rolling out my own crypto”.

Thanks in advance.


httpd has built-in authentication mechanism via mod_auth module, but I haven’t used that module. Mnesia can be used as a storage backend. You can even partially prevent brute-force via max_retries, max_keep_alive_request and similar properties. It doesn’t support HTTP basic nor JWT.
Read the user guide before setting up httpd. I use it for internal purposes and it is indeed a banana.

After all, its still part of the OTP, so any feedback is welcome :smiley:


Thanks, this looks interesting. I was aware of httpd, but I had no idea it had advanced features like this. I’ll definitely play around with it.


We extended mod_auth with mod_oauth.


I took a brief look at mod_auth source code, but unfortunately it doesn’t follow what I would consider modern security practices. Not sure if it’s comme-il-faut to point out any specifics on a public forum without providing a patch first, but it’s pretty obvious. So the search continues.

1 Like

You can always look at Nova Quick start — nova v0.9.5.

It is a web framework built on top of Cowboy.

1 Like