Today, we’re building a secure, API-driven volunteer attendance tracking system with three key features:
Volunteer Signup API
Volunteer Login API – External Consumers of the API
Attendance Submission API – Which will need to be JWT bearer token authenticated.
Watch Tutorial Video — Building Attendance Tracking APIs with JWT and API Keys Authentication
Technology Stack
Here we connect to an external Supabase database (PostgreSQL) that stores volunteer details, including usernames, hashed passwords, and attendance. Passwords are hashed with SHA-2, while the attendance tracking API is authenticated using JWT-signed tokens.
Volunteer Signup
Volunteers can register by providing their name, email, and password (securely hashed using SHA-2). Upon successful signup, the API will return the newly created Volunteer_ID.
Once you log into the Silverline API application, ensure that the Volunteer database is connected under Data Sources. This connection is essential for building and executing queries against the database.
Next, navigate to the APIs tab and click the New API button. In the source selection, choose the Volunteer database. Assign a name to this API, let’s call it Volunteer_Signup.
In the query creation step, you have two options: manually writing the query or leveraging Silverline API’s AI assistant. To use AI, simply describe the requirement in natural language. Enter the following prompt:
“Write a query to insert a new volunteer with parameters formatted as {{parameters}}, for username, email and password. Use SHA2 hashing for the passwords”
“Return the newly created volunteer’s Volunteer_id”
At this point we can go to the script setup and specify that if the volunteer_id returned is not a positive value, the API returns -1. This will be used to catch any issues.
Navigate to the Script tab and write in natural language: “if {{queryResultset}} does not have a value greater than 0 for the attribute volunteer_id, then return the attribute volunteer_id as -1”
Before finalizing, execute the query with sample data to verify that everything functions correctly. Once confirmed, click Save.
Now, go to the API Access Control tab and configure authentication by selecting Key-based Authentication. Then, click Publish at the bottom right corner of the screen.
To enhance usability, assign a friendly name to the API endpoint. Navigate to Optional Settings and set the API route name to signup.
Your Volunteer Signup API is now live and ready for use!
User Authentication (Login)
Volunteers log in using their registered email and password. If authentication is successful, the API responds with an authentication token and volunteer ID. If login fails, it returns volunteer ID -1.
To create this API, navigate to the APIs tab as before and click the New API button. This time, be sure to check the box for “Login API.” This setting informs the system that the API must return a JWT-signed token, which will be valid for 3 hours. (Note: Paid tiers offer granular control over token expiration and settings.)
Next, enter the query description in natural language:
“Write a login query to authenticate users against the Volunteers table by matching the provided {{username}} and {{password}}. The password should be hashed using SHA2 before comparison. If authentication is successful, return the corresponding Volunteer_id.”
“if comparison fails return Volunteer_id values as -1”
(Since this is an authentication API with users stored in an external database, we need to assign them groups for access control. When users access protected APIs, their requests will be validated against these groups, allowing access only to permitted users. To achieve this, each user is assigned a group in the x-silverline-groups variable.)
“If the comparison is successful, return a field called x-silverline-groups with the value Team_Volunteers. If the comparison fails, return Volunteer_ID as -1 and x-silverline-groups as auth_failed.”
Once the query is set up, test it with sample data, save it, and publish your Volunteer_Login_API.
You can copy your API URL from the API Endpoint tab.
To enhance usability, assign a friendly name to the API endpoint. Navigate to Optional Settings and set the API route name to login.
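Added example, not from the original tutorial or from Silverline: the signup and login contract described above (Volunteer_ID on success, -1 and auth_failed on failure), with the password stored as a salted, iterated SHA-2 derivation (PBKDF2-HMAC-SHA256) beside the bare SHA-2 digest the prompts ask for. A bare digest is unsalted and fast to compute, so equal passwords produce equal stored values. VolunteerStore, the function names, the iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, tune for your hardware


def sha2_only(password):
    """What a bare SHA2(password) column holds: no salt, one fast hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def derive(password, salt):
    """Salted, iterated SHA-2 (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class VolunteerStore:
    """In-memory stand-in for the Volunteers table (hypothetical, for illustration)."""

    def __init__(self):
        self.rows = {}  # email -> (volunteer_id, salt, derived_key)

    def signup(self, email, password):
        if not email or not password or email in self.rows:
            return -1  # failure sentinel used by the tutorial
        salt = os.urandom(16)  # fresh random salt per volunteer
        volunteer_id = len(self.rows) + 1
        self.rows[email] = (volunteer_id, salt, derive(password, salt))
        return volunteer_id

    def login(self, email, password):
        failed = {"Volunteer_ID": -1, "x-silverline-groups": "auth_failed"}
        row = self.rows.get(email)
        if row is None:
            return failed
        volunteer_id, salt, stored = row
        # Constant-time comparison of the recomputed key with the stored one.
        if not hmac.compare_digest(derive(password, salt), stored):
            return failed
        return {"Volunteer_ID": volunteer_id,
                "x-silverline-groups": "Team_Volunteers"}
```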
Attendance Submission
Once authenticated, volunteers can submit their attendance by providing their authentication token and volunteer_id, which is included in their authentication token. The API validates the token before recording attendance. If the attendance is successfully recorded, the API responds with the newly created attendance_id.
To mark attendance, the query inserts a record with volunteer_id and status as Present. After insertion, the newly created attendance_id is retrieved.
We can build this query using natural language:
“Write a query to record attendance for {{token.Volunteer_ID}} as Present. After inserting the record, retrieve the newly generated attendance_id.”
Our login API includes Volunteer_ID in the JWT claims, allowing us to access it via {{token.Volunteer_ID}}. Alternatively, we can pass it as a POST parameter.
Let's name this API Volunteer_Attendance.
Ensure this API validates incoming requests based on assigned groups. In the login API, users were assigned to the Team_Volunteers group in the x-silverline-groups variable. To restrict access to only those belonging to this group, go to the API Access Control tab, open Groups, and add the group. Once the query is set up, test it with sample data, save it, and publish the Volunteer_Attendance API. The API URL can be copied from the API Endpoint tab. To improve usability, navigate to Optional Settings and set the API route name to attendance.
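Added example, not from the original tutorial or from Silverline: the checks the attendance API depends on, namely token signature and 3-hour expiry, membership in Team_Volunteers, and taking Volunteer_ID from the signed claims. When the id is also sent as a POST parameter, it is accepted only if it matches the claim. HS256 with a shared key, the function names and the sample key are assumptions; the page does not state which signing algorithm Silverline uses.

```python
import base64
import hashlib
import hmac
import json

TOKEN_TTL = 3 * 60 * 60  # 3-hour validity stated in the tutorial
REQUIRED_GROUP = "Team_Volunteers"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(key, volunteer_id, group, now):
    """Login side: HS256 JWT (assumed algorithm) with the tutorial's claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"Volunteer_ID": volunteer_id, "x-silverline-groups": group,
              "exp": now + TOKEN_TTL}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(key, header + '.' + body))}"

def verify_token(key, token, now):
    """Return the claims if algorithm, signature and expiry hold, else None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(_sign(key, header + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > now else None
    except (ValueError, AttributeError, TypeError, KeyError):
        return None

def submit_attendance(key, token, now, body_volunteer_id=None):
    """Return the volunteer id to record as Present, or None to reject."""
    claims = verify_token(key, token, now)
    if claims is None or claims.get("x-silverline-groups") != REQUIRED_GROUP:
        return None
    volunteer_id = claims.get("Volunteer_ID")
    if body_volunteer_id is not None and body_volunteer_id != volunteer_id:
        return None  # a POSTed id must match the signed claim
    return volunteer_id
```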