Collaborate Disseminate
I somehow need to accomplish the following:
User accesses a application written in JavaScript.
Application uses SSO to identify the user who is logged into Windows.
Application obtains the access role for that user for the … Continue reading Secure REST API that only works for users authenticated by App with SSO (OAuth?)
We are trying to decide the best approach to designing our new interface with our consumers. Currently we are talking about an Rest API. However there is some debate among our team about how to handle a specific situation. Currently, our… Continue reading Rest API Sensitive Data GET
Currently I am in a project where I have to test REST APIs among other things. In another question of mine I also discussed the topics Definition of Ready and Definition of Done regarding security.
Since I am planning a new s… Continue reading Security and the Definition of Ready and Done
In my current project I am also setting up the area of security testing. So far there was no way to use security within the REST API development. Beside the known approach, e.g. using static software solutions within a stagin… Continue reading Rest API Security Guideline. Developer Rules?
I have a website and i want to consume public API from third party services such as Zoopla, weather etc.
I want to ensure i do not consume malicious code/malware from the data retrieved from the 3rd party services.
What ar… Continue reading Security considerations of consuming public API
This seems a common use case, but I have not been able to find a satisfactory answer. We have a public REST API, which we want 3rd parties to be able to write their own Progressive Web Applications and call the API. This mean… Continue reading Cross site security for public REST API
Generally speaking, home automation isn’t as cheap or as easy as most people would like. There are too many incompatible protocols, and more often than not, getting everything talking requires you to begrudgingly sign up for some “cloud” service that you didn’t ask for. If you’re an Apple aficionado, there …read more
Continue reading Homekit Compatible Sonoff Firmware Without A Bridge
I want to implement a telemetry data sender into my electron app. The API which I want to connect to is public. So any crash reports or any other data from the user is sent to it. The problem is how do I secure the API to pre… Continue reading Public report/telemetry API
This question is an exact duplicate of:
Preventing malicious usage from users with access tokens
2 answers
Background
I … Continue reading Server to Server API Security [duplicate]
I went thru multiple posts saying how implicit grant is a security risk and why auth code grant with AJAX request to Authorization server should be used after redirecting to application (without client_secret passed to Auth s… Continue reading Which grant type : Implicit or Auth code (with No secret key) is suitable for Single Page Application(SPA)?