API and Authentication Training
This 3-day course covers building secure APIs and implementing authentication in SvelteKit applications. Topics include API route design, form actions for mutations, server hooks for middleware, authentication with Lucia/Auth.js, OAuth providers, JWT and session management, CSRF protection, rate limiting, and security best practices.
Build secure, data-driven applications with this focused 2-day training on SvelteKit server-side capabilities. Master server routes, hooks, authentication patterns, and database integration to create robust full-stack applications with proper access control.
Training Details
| | |
|---|---|
| Duration | 2 days (16 hours) |
| Level | Intermediate |
| Delivery | In-person, Live online, Hybrid |
| Certification | N/A |
Who Is This For?
- Full-stack developers building authenticated SvelteKit applications
- Backend developers integrating with SvelteKit server routes
- Teams implementing user authentication and authorization
- Developers connecting SvelteKit to databases and external APIs
Learning Outcomes
After completing this training, participants will be able to:
- Build RESTful API endpoints with SvelteKit server routes
- Implement authentication flows including OAuth, session-based, and JWT
- Use hooks for middleware patterns, guards, and request processing
- Integrate databases using Prisma or Drizzle ORM
- Protect routes and API endpoints with authorization checks
- Handle errors, validation, and security best practices
Detailed Agenda
Day 1: Server Routes and API Design
Module 1: SvelteKit Server Routes
- `+server.ts` files and HTTP method handlers
- Request parsing: headers, params, body, cookies
- Response construction and streaming
- Error handling with `error()` and `json()`
- Hands-on: Build a complete REST API
Module 2: Hooks and Middleware
- The `handle` hook for request interception
- `handleFetch` for outgoing request modification
- `handleError` for centralized error handling
- Sequencing hooks and composing middleware
- Hands-on: Implement rate limiting and request logging
Module 3: Database Integration
- Prisma setup and schema design with SvelteKit
- Drizzle ORM as a lightweight alternative
- Database connection management and pooling
- Migrations and seeding strategies
- Hands-on: Connect and query a PostgreSQL database
Day 2: Authentication and Authorization
Module 4: Session-Based Authentication
- Cookie-based sessions with secure defaults
- Login, logout, and registration flows
- Password hashing with bcrypt and Argon2
- Session storage and expiration management
- Hands-on: Build email/password authentication
Module 5: OAuth and Social Login
- OAuth 2.0 flow with SvelteKit
- GitHub, Google, and custom OAuth providers
- Token exchange and profile fetching
- Linking multiple providers to one account
- Hands-on: Implement GitHub OAuth login
Module 6: Authorization and Security
- Route protection with hooks and load functions
- Role-based and permission-based access control
- CSRF protection and security headers
- Input validation and sanitization
- Hands-on: Build a role-based admin dashboard
Prerequisites
- SvelteKit fundamentals (routing, load functions, form actions)
- Basic understanding of HTTP, cookies, and authentication concepts
- Familiarity with SQL databases
- JavaScript/TypeScript proficiency
Delivery Formats
| Format | Description |
|---|---|
| In-Person | On-site at your company's location, hands-on with direct interaction |
| Live Online | Interactive virtual sessions with screen sharing and real-time labs |
| Hybrid | Combination of on-site and remote sessions, flexible scheduling |
All formats include hands-on labs, course materials, authentication starter kits, and post-training support.