It's likely that your application will get its data from an API of some sort. It turns out to be pretty simple to protect the resources served by an API such that only users holding a valid access token can get to them. Let's set up a simple Node API using express and then we'll add a middleware to protect individual endpoints.