SSL certificate for WebAPI
We have a simple system with a REST service (WebAPI) that will be hosted on one machine (hosted on IIS on a custom port, port number 3031) and with a website hosted on another machine that will be talking to the service.
I have a REST service A, which communicates with REST service B (both are internally hosted within the company network). REST service B is accessed via a service ID & plain password.
How do I store service B’s password s… Continue reading Rest service Password securing
I’m implementing an oAuth2 authentication to secure my REST Api.
As I am implementing oAuth2, I need to generate an access_token which will give me temporary access to my REST data.
To do it, I simply send an HTTP reques… Continue reading Why using oAuth2 refresh token is more secure then regenerate an access_token?
I want to implement a security mechanism by which I can secure my RestApi from the “Clients who are not what they claim to be”. In my case the consumer of the API for now is another web service, not a browser.
I have read numerous a… Continue reading Authentication in RestAPI
I’m developing a system with communication via REST between front (JavaScript) and back end (Java/Spring) and this question popped up.
Does it make this system more secure to name variables, URLs, etc in a language other th… Continue reading Is it more secure to program a client-server system in a language other than English?
We deploy our internet facing applications in multiple vlans and there is a rule that talking from one vlan to the next has to be done in another protocol or another implementation of the protocol.
E.g.
[Internet] –https… Continue reading Is switching protocols a security measure worth implementing?
I have a use case where an application needs to send a dynamic web token to REST APIs and the server has to validate it without storing it.
Is there any standard way to do it?
I have a requirement to generate a one time use URL which should have the following features:
As the URL query parameters may contain sensitive information, it should be encrypted (on top of https encryption).
Once used, the URL cannot b… Continue reading Generating one time URLs which can be revoked
I am trying to understand how authentication and authorization should work with a REST API given that the API will be available to be used by third-party applications.
I realize that if we allow other applications to use ou… Continue reading How to store `client_secret` privately on frontend applications?
We are in a process to expose some data (not sensitive) via REST APIs. Our API consumer requested the same using only API Key authentication. No Mutual Authentication TLS, no OAuth but plain simple API Key based authentication.
I would l… Continue reading Security of Publicly exposed REST APIs