Authenticating the request header with Express
That's what middleware is for:
app.use(function(req, res, next) { if (!req.headers.authorization) { return res.status(403).json({ error: 'No credentials sent!' }); } next();});...all your protected routes...
Make sure that the middleware is declared before the routes to which the middleware should apply.