Buzzard Protocol implementation

npm install buzzard
14 downloads in the last week
16 downloads in the last month


Build Status

Authentication protocol for HTTPS services.


Uses an Authorization header containing, nonce, timestamp and authentication code, produced by the client.

Also supports URL-based authentication.

The client holds a secret key that it uses to craft the authentication code from the nonce and the timestamp.

The server gets the nonce so that it can validate if the nonce is repeated.

Supports browserify.

JS Client


In Node.js you can get a reference to the Buzzard client library like this:

var Client = require('buzzard').client;


On the browser, using browserify you can get a reference to the client library simply like this: (the server part of buzzard is not included for a smaller bundle size)

var Client = require('buzzard');


Creates a header given a credential:

var Client = require('buzzard').client;

var credentials = {
  id: 'iiiidddd',
  key: 'kkkeeeyyy',
  algorithm: 'sha1'

var header = Client.header(credentials);

// use request, jquery or whatvs, just be sure to send the HTTP header:

'Authorization': header


Creates a URL given a base URL and a credential:

var Client = require('buzzard').client;

var credentials = {
  id: 'iiiidddd',
  key: 'kkkeeeyyy',
  algorithm: 'sha1'

var baseURL = ''
var url = Client.url(baseURL, credentials);


Construct the server validator

Construct a server validator by providing a function that fetches the credentials given a credential id;

var Buzzard = require('buzzard').server;
var buzzard = Buzzard(getCredentials);

// stupid example

var credentials = {

  'user1': {
    id: 'user1',
    key: 'kkkeeeyyy1',
    algorithm: 'sha1'

  'user2': {
    id: 'user2',
    key: 'kkkeeeyyy2',
    algorithm: 'sha1'

/// cb is error-first
function getCredentials(id, cb) {
  cb(null, credentials[id]);


Authenticates a request object, either using authorization header or URL.

server.on('request', authenticate);

function authenticate(req) {
  buzzard.authenticate(req, authenticated);

  function authenticated(err, credentials, attributes) {
    if (err) {
      res.statusCode = err.response.code;
    } else {
      console.log('user id %s used nonce %s',, attributes.nonce);

      // validate nonce...

      res.end('You have access!!!');


Connect and Restify-compatible middleware:

var BuzzardMiddleware = require('buzzard').server.middleware;
var buzzardMiddleware = BuzzardMiddleware(credentialsFunc);




npm loves you