security

leverjs uses multiple layers of security. there is a firewall first that controls access to the ports opened up by the leverjs servers. then there is a reverse proxy web server that routes the incoming requests. i really like nginx for this — config info to follow in another post. both the firewall and the reverse proxy can control access by ip addresses and ranges, or even by individual machine addresses.

beyond firewall and reverse proxy, there are two additional security systems used by leverjs. both are built on top of JSON web tokens (jwt). check out https://jwt.io for more info on this technology. I really like the use of cryptographic hashing for digital signatures.

the first security system is for UI (human) access to the leverjs server, via the web browser. for this, i’ve been using a free service from a website called auth0 (https://auth0.com). more details on this configuration coming soon…

the second security system is for programmatic access to the api, e.g. HTTPS PUSH commands from a client like MATLAB, Python or even CURL. These use JSON web tokens directly, via functionality built into leverjs: the client presents a signed token on each API call and the server verifies the signature before accepting the request. See leverjs/keygen.js for details on generating tokens and server.js for verifying signatures. See matlab/JWT/getJWT.m for details on how to obtain and set JWT credentials on API calls.