API Security: Add links to 'Additional resources' #28776

Closed
6 changes: 4 additions & 2 deletions nodeJS/apis/api_security.md
@@ -1,8 +1,8 @@
### Introduction

Securing your API is an important step. When we were using Express to serve view templates we used PassportJS along with a username and password to authenticate users, but that is not the only way to secure an Express app, and in the context of an API it often makes sense to use a different strategy. The username and password session pattern that we learned previously will still work of course, though it is made a little more complicated by the fact that we've separated our front-end code from the back-end.
Securing your API is an important step. When we were using Express to serve view templates we used PassportJS along with a username and password to authenticate users, but that is not the only way to secure an Express app, and in the context of an API it often makes sense to use a different strategy. The username and password session pattern that we learned previously will still work of course, though it is made a little more complicated by the fact that we've separated our front-end code from the back-end.

Another strategy is to generate and pass a secure **token** between our back-end and front-end code. <span id='secure-token'>Doing so will make sure that our user's username and password are not compromised and will also give us the ability to expire our user's session for added security</span>. The basic idea is that when a user signs in to our app, a secure token is created, and then for all subsequent requests <span id='pass-token'>that token is passed in the header of our request object</span>. In the end, the process is straightforward since you should already be comfortable with using passport to authenticate users.
Another strategy is to generate and pass a secure **token** between our back-end and front-end code. <span id='secure-token'>Doing so will make sure that our user's username and password are not compromised and will also give us the ability to expire our user's session for added security</span>. The basic idea is that when a user signs in to our app, a secure token is created, and then for all subsequent requests <span id='pass-token'>that token is passed in the header of our request object</span>. In the end, the process is straightforward since you should already be comfortable with using passport to authenticate users.

This strategy, while particularly useful with APIs can be used with a traditional view-template project as well. The main difference here is that instead of setting and checking a cookie we're passing a special token in the header of our request. In our previous Authentication Tutorial, the Passport middleware checked the cookie that was sent and then either authenticated or denied our user. In this case, we're going to do something very similar, but instead of using cookies, we're going to pass the token.

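Review bot: the two modified paragraphs in this hunk (the "Securing your API" and "Another strategy" lines) render identically before and after, so the change appears to be whitespace-only (for example trailing spaces); for a PR titled "Add links to 'Additional resources'" that is unrelated noise in the diff, so either drop these two lines from the commit or mention the whitespace cleanup in the PR description. While this text is being touched, the sentence "Doing so will make sure that our user's username and password are not compromised" overstates what a token gives you: the benefit is that the password is sent only once at sign-in, while the token is itself a bearer credential that must be protected in transit and expired promptly, so wording such as "reduces how often the user's password has to be transmitted" would be more accurate.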
Expand Down Expand Up @@ -42,3 +42,5 @@ This section contains helpful links to related content. It isn't required, so co
- This article is a [guide for JWT Authentication Using Node.js and Express](https://web.archive.org/web/20230207144457/https://laptrinhx.com/a-practical-guide-for-jwt-authentication-using-node-js-and-express-917791379/).
- This article is a [more concise guide for using JWTs in Express](https://medium.com/@paul.allies/stateless-auth-with-express-passport-jwt-7a55ffae0a5c).
- [Not everyone agrees that JWTs are the best way to store authentication data](https://www.youtube.com/watch?v=JdGOb7AxUo0). This video is one argument against using them, and some of the pitfalls that you may encounter with using them.
- This series from Brian Lego provides a clear guide to implementing authentication in Node.js using HTTP cookies, JWT , and bcrypt for password hashing. [First](https://javascript.plainenglish.io/auth-in-node-js-http-cookies-jwt-bcrypt-part-1-64b3c0159035),
[second](https://javascript.plainenglish.io/authentication-in-node-js-adding-validation-part-2-bb3fbbaa7494), and [third](https://javascript.plainenglish.io/authentication-in-node-js-part-3-8604a09b2ca4).
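Review bot: the new bullet has a stray space before the comma in "HTTP cookies, JWT , and bcrypt"; it should read "HTTP cookies, JWT, and bcrypt". The same bullet is also split across two lines after "[First](...),", whereas every other entry in this list is a single line; joining it onto one line keeps the list consistent and avoids any renderer treating the continuation as a separate paragraph inside the item.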