1
00:00:01,130 --> 00:00:03,200
‫So, we're currently in the process

2
00:00:03,200 --> 00:00:06,500
‫of putting some finishing touches on our API,

3
00:00:06,500 --> 00:00:09,120
‫and one of the things that we need to do now

4
00:00:09,120 --> 00:00:11,242
‫is to fix some of the authentication

5
00:00:11,242 --> 00:00:14,603
‫and authorization in all our resources.

6
00:00:16,190 --> 00:00:19,340
‫And we're gonna start here with our tour resource.

7
00:00:19,340 --> 00:00:21,190
‫And since all the authentication

8
00:00:21,190 --> 00:00:24,200
‫and authorization stuff is always defined

9
00:00:24,200 --> 00:00:25,960
‫on the route declarations,

10
00:00:25,960 --> 00:00:29,590
‫well, we're gonna work here on the tour routes file.

11
00:00:29,590 --> 00:00:32,850
‫So, this tour API that we have here

12
00:00:32,850 --> 00:00:36,470
‫is basically what we want to expose to the world.

13
00:00:36,470 --> 00:00:38,460
‫So for example, we might want to allow

14
00:00:38,460 --> 00:00:41,300
‫other travel sites to embed our tours

15
00:00:41,300 --> 00:00:42,970
‫into their own website.

16
00:00:42,970 --> 00:00:46,080
‫And so that's what this API is basically for.

17
00:00:46,080 --> 00:00:49,230
‫And so therefore, we will not have any authorization

18
00:00:49,230 --> 00:00:51,130
‫on get tour requests.

19
00:00:51,130 --> 00:00:52,060
‫Right?

20
00:00:52,060 --> 00:00:54,448
‫And so we should actually get rid of the one

21
00:00:54,448 --> 00:00:55,598
‫that we have currently.

22
00:00:56,600 --> 00:00:57,433
‫Right?

23
00:00:57,433 --> 00:00:58,480
‫So, this one.

24
00:00:58,480 --> 00:01:00,270
‫So on getting all the tours,

25
00:01:00,270 --> 00:01:02,080
‫right now we have to protect it,

26
00:01:02,080 --> 00:01:05,700
‫and so only authenticated users can use that.

27
00:01:05,700 --> 00:01:06,533
‫Okay?

28
00:01:06,533 --> 00:01:08,260
‫But again, that doesn't make much sense,

29
00:01:08,260 --> 00:01:10,080
‫because you want to expose this part

30
00:01:10,080 --> 00:01:12,700
‫of the API to everyone.

31
00:01:12,700 --> 00:01:14,990
‫So, let's get rid of that.

32
00:01:14,990 --> 00:01:18,960
‫However, the actions of creating or editing tours,

33
00:01:18,960 --> 00:01:20,860
‫we only want to allow lead guides

34
00:01:20,860 --> 00:01:23,820
‫and administrators to perform these actions.

35
00:01:23,820 --> 00:01:26,130
‫So of course, no normal users,

36
00:01:26,130 --> 00:01:27,950
‫and also no normal guides.

37
00:01:27,950 --> 00:01:30,520
‫So, just admins and lead guides.

38
00:01:30,520 --> 00:01:32,363
‫And so let's put that here actually.

39
00:01:35,005 --> 00:01:36,922
‫Authcontroller.protect,

40
00:01:40,440 --> 00:01:43,703
‫and authcontroller.restrictto.

41
00:01:48,060 --> 00:01:48,893
‫Admin,

42
00:01:51,930 --> 00:01:53,083
‫and lead guide.

43
00:01:55,430 --> 00:01:56,930
‫Give it a save here,

44
00:01:56,930 --> 00:01:59,620
‫and that looks just fine.

45
00:01:59,620 --> 00:02:03,210
‫And next up we want to do the same with editing.

46
00:02:03,210 --> 00:02:04,043
‫Right?

47
00:02:04,043 --> 00:02:06,840
‫So we already did that actually in the leading,

48
00:02:06,840 --> 00:02:10,863
‫and so let's just copy what we have here to patch as well.

49
00:02:13,000 --> 00:02:16,940
‫Give it a save, and now that actually looks perfect.

50
00:02:16,940 --> 00:02:18,440
‫Okay?

51
00:02:18,440 --> 00:02:19,890
‫So everything else,

52
00:02:19,890 --> 00:02:22,330
‫even getting just one single tour here,

53
00:02:22,330 --> 00:02:25,357
‫is of course free to everyone, okay?

54
00:02:25,357 --> 00:02:28,950
‫And the same goes for getting the top tours,

55
00:02:28,950 --> 00:02:31,820
‫and also getting the tour statistics.

56
00:02:31,820 --> 00:02:33,880
‫Now here, about the get monthly plan,

57
00:02:33,880 --> 00:02:35,980
‫well we also might want to restrict that.

58
00:02:35,980 --> 00:02:39,473
‫Only, for example, to everyone except normal users.

59
00:02:40,340 --> 00:02:41,220
‫Okay?

60
00:02:41,220 --> 00:02:43,433
‫So that's copy this one here as well,

61
00:02:44,820 --> 00:02:48,493
‫give it a save, and then also add the normal guides.

62
00:02:51,230 --> 00:02:52,063
‫Alright?

63
00:02:52,063 --> 00:02:55,860
‫And so, that looks perfect at this point, I think.

64
00:02:55,860 --> 00:02:56,693
‫Okay?

65
00:02:56,693 --> 00:03:00,233
‫So basically, our tour router is now completed.

66
00:03:01,250 --> 00:03:02,220
‫Perfect.

67
00:03:02,220 --> 00:03:04,010
‫And I'm not going to test all of this

68
00:03:04,010 --> 00:03:06,990
‫because we already know that it works.

69
00:03:06,990 --> 00:03:08,060
‫Alright?

70
00:03:08,060 --> 00:03:09,720
‫So, let's close this one

71
00:03:09,720 --> 00:03:12,660
‫and move straight to the next one.

72
00:03:12,660 --> 00:03:14,600
‫So, these first routes here

73
00:03:14,600 --> 00:03:17,150
‫are of course open to everyone.

74
00:03:17,150 --> 00:03:19,080
‫So, signing up, logging in,

75
00:03:19,080 --> 00:03:22,000
‫forget password, and reset password.

76
00:03:22,000 --> 00:03:25,020
‫For none of these you need to be logged in.

77
00:03:25,020 --> 00:03:26,130
‫Right?

78
00:03:26,130 --> 00:03:27,930
‫But, you need to be logged in

79
00:03:27,930 --> 00:03:31,760
‫so to be authenticated to update your password,

80
00:03:31,760 --> 00:03:33,403
‫to get your own information,

81
00:03:34,540 --> 00:03:37,700
‫to update or to delete your own account,

82
00:03:37,700 --> 00:03:39,620
‫and really for all these other operations

83
00:03:39,620 --> 00:03:40,680
‫here as well.

84
00:03:40,680 --> 00:03:44,320
‫So we don't want the public to basically get information

85
00:03:44,320 --> 00:03:45,990
‫about all the users.

86
00:03:45,990 --> 00:03:48,780
‫We also don't want anyone to delete users,

87
00:03:48,780 --> 00:03:52,130
‫or to update users, and really none of these

88
00:03:52,130 --> 00:03:55,150
‫operations here should be free for the public.

89
00:03:55,150 --> 00:03:55,983
‫Okay?

90
00:03:55,983 --> 00:03:57,520
‫So for all of these routes here,

91
00:03:57,520 --> 00:03:59,290
‫starting from this point,

92
00:03:59,290 --> 00:04:01,600
‫you will always have to be authenticated.

93
00:04:01,600 --> 00:04:02,433
‫Alright?

94
00:04:02,433 --> 00:04:04,960
‫And so, we could now go ahead and add

95
00:04:04,960 --> 00:04:09,960
‫this authcontroller.protect to all of these routes,

96
00:04:09,970 --> 00:04:13,330
‫but actually we can do better than that, right?

97
00:04:13,330 --> 00:04:14,780
‫So in order to do that,

98
00:04:14,780 --> 00:04:17,790
‫let's keep in mind that this protect function here

99
00:04:17,790 --> 00:04:19,550
‫is really just a middleware.

100
00:04:19,550 --> 00:04:21,910
‫And also remember that middleware

101
00:04:21,910 --> 00:04:24,960
‫runs always in sequence, right?

102
00:04:24,960 --> 00:04:26,940
‫Now with this router that we have here,

103
00:04:26,940 --> 00:04:28,810
‫that we created in the beginning,

104
00:04:28,810 --> 00:04:31,000
‫is kind of like a mini application.

105
00:04:31,000 --> 00:04:32,420
‫Remember that?

106
00:04:32,420 --> 00:04:34,570
‫And so just like with the regular app

107
00:04:34,570 --> 00:04:37,410
‫we can use middleware on this router as well.

108
00:04:37,410 --> 00:04:38,470
‫Okay?

109
00:04:38,470 --> 00:04:41,403
‫And so, we can do something like this.

110
00:04:42,260 --> 00:04:44,780
‫Router.use,

111
00:04:44,780 --> 00:04:49,453
‫and now authcontroller.protect,

112
00:04:50,980 --> 00:04:52,140
‫and that's it.

113
00:04:52,140 --> 00:04:53,060
‫And what this will do

114
00:04:53,060 --> 00:04:55,200
‫is to basically protect all the routes

115
00:04:55,200 --> 00:04:57,243
‫that come after this point.

116
00:04:58,120 --> 00:04:58,953
‫Okay?

117
00:04:58,953 --> 00:05:00,770
‫And again, that's because middleware

118
00:05:00,770 --> 00:05:02,240
‫runs in sequence.

119
00:05:02,240 --> 00:05:05,090
‫And so after these four middleware functions,

120
00:05:05,090 --> 00:05:06,940
‫because remember that technically

121
00:05:06,940 --> 00:05:08,770
‫this is still also middleware,

122
00:05:08,770 --> 00:05:12,270
‫then the next middleware in the stack is this protect.

123
00:05:12,270 --> 00:05:14,710
‫And this will then only call the next middleware

124
00:05:14,710 --> 00:05:16,590
‫if the user is authenticated.

125
00:05:16,590 --> 00:05:20,550
‫And the next middleware in this case is this patch here.

126
00:05:20,550 --> 00:05:21,383
‫Okay?

127
00:05:21,383 --> 00:05:23,030
‫And so, again, what this is means

128
00:05:23,030 --> 00:05:24,390
‫is that all of this routes

129
00:05:24,390 --> 00:05:26,570
‫to all these middlewares, technically,

130
00:05:26,570 --> 00:05:29,940
‫that come after this one are now protected.

131
00:05:29,940 --> 00:05:32,680
‫And so, we can go ahead and remove this protect

132
00:05:32,680 --> 00:05:33,863
‫from all of them.

133
00:05:35,800 --> 00:05:36,633
‫Okay?

134
00:05:41,320 --> 00:05:44,450
‫And just to prove you that this now still works,

135
00:05:44,450 --> 00:05:48,760
‫let's just go ahead and get the me information.

136
00:05:48,760 --> 00:05:50,413
‫So basically the current user.

137
00:05:51,390 --> 00:05:52,793
‫So if I now run this,

138
00:05:54,490 --> 00:05:56,740
‫you'll see that it still works.

139
00:05:56,740 --> 00:05:58,873
‫And if I take away the authentication,

140
00:06:00,720 --> 00:06:03,540
‫then it says we are not logged in.

141
00:06:03,540 --> 00:06:06,513
‫And so that's exactly what that protect middleware does.

142
00:06:07,650 --> 00:06:08,483
‫Right?

143
00:06:09,810 --> 00:06:11,973
‫So, it's now going to be back to working.

144
00:06:13,180 --> 00:06:14,330
‫So, perfect!

145
00:06:14,330 --> 00:06:16,700
‫That's a nice little trick in order to protect

146
00:06:16,700 --> 00:06:18,880
‫all of the routes at the same time,

147
00:06:18,880 --> 00:06:20,830
‫typically by using a middleware

148
00:06:20,830 --> 00:06:23,233
‫that comes before all these other routes.

149
00:06:25,070 --> 00:06:25,990
‫Okay?

150
00:06:25,990 --> 00:06:28,020
‫And for example, if we now move this

151
00:06:28,020 --> 00:06:31,100
‫a little bit up, like this for example,

152
00:06:31,100 --> 00:06:33,200
‫then we would also need to be logged in

153
00:06:33,200 --> 00:06:35,860
‫in order to use forgot password.

154
00:06:35,860 --> 00:06:36,810
‫Right?

155
00:06:36,810 --> 00:06:38,693
‫So, let me just prove that to you.

156
00:06:39,930 --> 00:06:40,763
‫Okay?

157
00:06:40,763 --> 00:06:43,970
‫And so usually, of course, we do not need to be logged in

158
00:06:43,970 --> 00:06:45,820
‫in order to forget our password,

159
00:06:45,820 --> 00:06:48,800
‫because that wouldn't make any sense, right?

160
00:06:48,800 --> 00:06:50,760
‫But right now, since we move that middleware

161
00:06:50,760 --> 00:06:53,207
‫a bit up, it says "you are not logged in".

162
00:06:54,230 --> 00:06:55,160
‫Okay?

163
00:06:55,160 --> 00:06:59,090
‫And so really, that proves that this authcontroller here

164
00:06:59,090 --> 00:07:00,333
‫is doing it's job.

165
00:07:03,080 --> 00:07:06,120
‫So, protect all routes --

166
00:07:08,690 --> 00:07:09,903
‫after this middleware.

167
00:07:12,750 --> 00:07:13,583
‫Okay.

168
00:07:13,583 --> 00:07:15,680
‫Now also remember how we said that

169
00:07:15,680 --> 00:07:18,480
‫all of these actions here should only be executed

170
00:07:18,480 --> 00:07:20,010
‫by administrators,

171
00:07:20,010 --> 00:07:23,130
‫and so now we can actually use the exact same technique

172
00:07:23,130 --> 00:07:26,213
‫that we used up here to protect all of these routes.

173
00:07:27,630 --> 00:07:30,337
‫So, router.use,

174
00:07:32,622 --> 00:07:36,122
‫authcontroller.restrictto,

175
00:07:38,000 --> 00:07:39,030
‫admin.

176
00:07:39,030 --> 00:07:39,863
‫Okay?

177
00:07:39,863 --> 00:07:42,700
‫And so now, only admins will be able to get all users,

178
00:07:42,700 --> 00:07:46,340
‫to create new users, to get users again,

179
00:07:46,340 --> 00:07:49,160
‫and to patch and delete users.

180
00:07:49,160 --> 00:07:50,010
‫Alright?

181
00:07:50,010 --> 00:07:51,540
‫And so from this point on,

182
00:07:51,540 --> 00:07:53,810
‫all the routes are not only protected,

183
00:07:53,810 --> 00:07:56,220
‫but also restricted only to the admin.

184
00:07:56,220 --> 00:07:59,300
‫But of course, the ones that come before everyone

185
00:07:59,300 --> 00:08:02,420
‫who is logged in can access them, okay?

186
00:08:02,420 --> 00:08:04,070
‫So let me just prove that to you.

187
00:08:05,290 --> 00:08:09,160
‫So, I'm going to log in, not with admin,

188
00:08:09,160 --> 00:08:10,633
‫but with testuser.

189
00:08:14,230 --> 00:08:15,780
‫Okay?

190
00:08:15,780 --> 00:08:18,120
‫And so we got logged in successfully,

191
00:08:18,120 --> 00:08:21,823
‫now let's try to see all the users.

192
00:08:24,800 --> 00:08:26,830
‫And now it says you are not logged in.

193
00:08:26,830 --> 00:08:29,090
‫Well, we are actually logged in,

194
00:08:29,090 --> 00:08:31,653
‫but we forgot to add the authorization here.

195
00:08:32,920 --> 00:08:36,810
‫So, bearer token, send it again,

196
00:08:36,810 --> 00:08:39,993
‫and now we see you don't have permission to perform.

197
00:08:40,990 --> 00:08:45,073
‫But now, when we change this to the administrator,

198
00:08:46,090 --> 00:08:48,130
‫so we log in as an admin now,

199
00:08:48,130 --> 00:08:51,460
‫and now as we get all the users,

200
00:08:51,460 --> 00:08:52,713
‫then of course it works.

201
00:08:54,190 --> 00:08:55,870
‫So, perfect!

202
00:08:55,870 --> 00:08:58,310
‫And that actually finishes the authentication

203
00:08:58,310 --> 00:09:02,060
‫and authorization for these users as well.

204
00:09:02,060 --> 00:09:03,980
‫But just to reflect that in Postman,

205
00:09:03,980 --> 00:09:08,420
‫let's actually go back and so basically

206
00:09:08,420 --> 00:09:11,040
‫put the authorization here, everywhere.

207
00:09:11,040 --> 00:09:12,240
‫Okay?

208
00:09:12,240 --> 00:09:14,190
‫And again, that's because later on

209
00:09:14,190 --> 00:09:16,610
‫we're gonna create an API documentation

210
00:09:16,610 --> 00:09:19,860
‫based on the collection that we created here.

211
00:09:19,860 --> 00:09:22,240
‫And then, it's important that we actually mark

212
00:09:22,240 --> 00:09:23,793
‫this one here as protected.

213
00:09:25,504 --> 00:09:26,337
‫Save it.

214
00:09:28,600 --> 00:09:29,973
‫Save this one as well.

215
00:09:31,070 --> 00:09:33,603
‫And the same for update and delete user.

216
00:09:35,840 --> 00:09:38,133
‫So, bearer token, save,

217
00:09:39,330 --> 00:09:40,883
‫and the same for update.

218
00:09:46,048 --> 00:09:49,290
‫Alright, and actually since we're doing that,

219
00:09:49,290 --> 00:09:51,233
‫let's do the same with all the others.

220
00:09:52,100 --> 00:09:54,083
‫So, not the reviews,

221
00:09:55,430 --> 00:09:57,063
‫that one is for a bit later,

222
00:09:59,730 --> 00:10:02,430
‫but really for the tours.

223
00:10:02,430 --> 00:10:05,223
‫So here we no longer need any authentication,

224
00:10:06,860 --> 00:10:08,350
‫so let's save that.

225
00:10:08,350 --> 00:10:11,490
‫Forgetting we also don't need any authorization,

226
00:10:11,490 --> 00:10:15,823
‫but for creating we now need the bearer token.

227
00:10:17,460 --> 00:10:18,420
‫Okay?

228
00:10:18,420 --> 00:10:21,710
‫Also for updating, and so it makes sense

229
00:10:22,620 --> 00:10:26,530
‫to protect them here in Postman as well.

230
00:10:26,530 --> 00:10:28,210
‫Now this one already had it,

231
00:10:28,210 --> 00:10:30,390
‫because we actually used this one to test it

232
00:10:30,390 --> 00:10:31,340
‫in the first place.

233
00:10:32,910 --> 00:10:36,790
‫So this one did not have it, but the get monthly plan,

234
00:10:36,790 --> 00:10:38,463
‫we protected this one as well.

235
00:10:39,780 --> 00:10:42,070
‫Add the bearer token here as well,

236
00:10:42,070 --> 00:10:43,730
‫and so I believe with this

237
00:10:43,730 --> 00:10:47,800
‫we are really completed now, with these, too.

238
00:10:47,800 --> 00:10:51,210
‫And so what we need to do to finish now this part

239
00:10:51,210 --> 00:10:55,550
‫is here, fix the same thing on the reviews as well.

240
00:10:55,550 --> 00:10:57,390
‫And the first thing that I want to do

241
00:10:57,390 --> 00:10:59,700
‫is to basically protect all of the routes

242
00:10:59,700 --> 00:11:01,900
‫which have to do with reviews.

243
00:11:01,900 --> 00:11:04,520
‫So, we want no one who is not authenticated

244
00:11:04,520 --> 00:11:09,520
‫to get, or to post, or to change, or delete any reviews.

245
00:11:10,620 --> 00:11:11,900
‫Okay?

246
00:11:11,900 --> 00:11:14,573
‫We say router.use,

247
00:11:15,710 --> 00:11:19,750
‫authentication controller.protect.

248
00:11:19,750 --> 00:11:20,583
‫Okay?

249
00:11:20,583 --> 00:11:22,400
‫And so that means that from this point

250
00:11:22,400 --> 00:11:24,330
‫no one can access any of this route

251
00:11:24,330 --> 00:11:26,033
‫without being authenticated.

252
00:11:27,342 --> 00:11:31,150
‫But we can remove this part here, okay?

253
00:11:31,150 --> 00:11:33,910
‫And so now with authentication out of the way,

254
00:11:33,910 --> 00:11:36,490
‫let's think about authorization.

255
00:11:36,490 --> 00:11:38,980
‫So, first of all, only users should

256
00:11:38,980 --> 00:11:40,790
‫be able to post reviews.

257
00:11:40,790 --> 00:11:44,050
‫No guides, and also no administrators.

258
00:11:44,050 --> 00:11:47,120
‫And so this part, we actually already have that here.

259
00:11:47,120 --> 00:11:48,050
‫Okay?

260
00:11:48,050 --> 00:11:50,720
‫Then, admins should be able to update

261
00:11:50,720 --> 00:11:53,700
‫or to delete reviews, just like regular users,

262
00:11:53,700 --> 00:11:56,060
‫of course, so that they can then edit

263
00:11:56,060 --> 00:11:58,150
‫or delete their own reviews.

264
00:11:58,150 --> 00:12:02,220
‫And finally, guides can not add, edit, or delete reviews.

265
00:12:02,220 --> 00:12:06,060
‫Since the guides are the ones who are performing the job,

266
00:12:06,060 --> 00:12:08,610
‫so it would be weird if they could post reviews

267
00:12:08,610 --> 00:12:12,120
‫themselves, or edit other peoples' reviews, right?

268
00:12:12,120 --> 00:12:16,110
‫And so let's put what we just described into code.

269
00:12:16,110 --> 00:12:18,530
‫So, basically patch and delete

270
00:12:20,360 --> 00:12:21,800
‫are restricted

271
00:12:23,680 --> 00:12:25,053
‫to users,

272
00:12:26,840 --> 00:12:29,573
‫or actually just user, and admin.

273
00:12:33,160 --> 00:12:36,893
‫And then the same thing for deleting.

274
00:12:38,400 --> 00:12:39,233
‫Okay?

275
00:12:39,233 --> 00:12:41,970
‫And so you see that now guides and lead guides

276
00:12:41,970 --> 00:12:44,810
‫have nothing to do at all with reviews.

277
00:12:44,810 --> 00:12:47,620
‫All they can do is to really get reviews,

278
00:12:47,620 --> 00:12:51,260
‫but not changing or posting them at all, okay?

279
00:12:51,260 --> 00:12:53,800
‫And so, quickly now in Postman,

280
00:12:53,800 --> 00:12:55,463
‫let's put that here as well.

281
00:12:56,400 --> 00:13:00,283
‫So create new reviews already has the authorization,

282
00:13:01,390 --> 00:13:03,633
‫get all reviews also needs it now.

283
00:13:05,550 --> 00:13:08,803
‫So, with the bearer token, save that,

284
00:13:13,530 --> 00:13:15,623
‫here, the bearer token as well.

285
00:13:21,510 --> 00:13:25,633
‫Now write, and also get one single review.

286
00:13:31,360 --> 00:13:33,820
‫Actually let's nicely order this as well,

287
00:13:33,820 --> 00:13:36,783
‫so that all of them are kind of in the same order.

288
00:13:39,300 --> 00:13:41,740
‫And now about these two here, they actually

289
00:13:41,740 --> 00:13:43,900
‫are also protected.

290
00:13:43,900 --> 00:13:44,733
‫Right?

291
00:13:44,733 --> 00:13:46,610
‫Because ultimately it's the review handlers

292
00:13:46,610 --> 00:13:48,803
‫that are actually called for both of them.

293
00:13:49,920 --> 00:13:53,483
‫And so here we also need to add that bearer token.

294
00:13:55,060 --> 00:13:55,893
‫Okay?

295
00:13:55,893 --> 00:13:58,320
‫So now, basically, the only way of getting access

296
00:13:58,320 --> 00:14:03,320
‫to data about reviews is to call all of the tours.

297
00:14:03,350 --> 00:14:04,183
‫Right?

298
00:14:04,183 --> 00:14:07,460
‫At least for people that are not authenticated.

299
00:14:07,460 --> 00:14:08,450
‫Okay?

300
00:14:08,450 --> 00:14:11,380
‫So, let's close all of this,

301
00:14:11,380 --> 00:14:14,470
‫and so I think we're now good to go,

302
00:14:14,470 --> 00:14:16,890
‫and we actually finished this part as well.

303
00:14:16,890 --> 00:14:18,940
‫Let's just clean it up here a little bit.

304
00:14:20,210 --> 00:14:23,610
‫And yeah, I think that's it.

305
00:14:23,610 --> 00:14:26,340
‫So with this we actually finished the authentication

306
00:14:26,340 --> 00:14:30,070
‫and authorization parts of all our three resources,

307
00:14:30,070 --> 00:14:33,040
‫so we're really close to finishing our API here.

308
00:14:33,040 --> 00:14:35,920
‫There's only a small amount of things left to do,

309
00:14:35,920 --> 00:14:37,520
‫and so we're going to do all of that

310
00:14:37,520 --> 00:14:39,103
‫in the rest of this section.