Collaborate Disseminate
I’m developing a REST API that may take in private information. To make it secure, I want to have the API only accessible using HTTPS. Basically, what is the best way to enforce HTTPS only?
Here are some things I was thinkin… Continue reading Enforcing HTTPS Only With REST API
So I have a web page running a JavaScript application, and a web service that the application makes HTTP PUT requests against. The service uses access tokens to verify the user’s identity, but now I’m scratching my head about how to prevent authorized users from using the API inappropriately. I.e. what’s to stop a malicious user from simply inspecting outgoing traffic in their browser, copying the service url and their access token, and using it to spam calls against the service?
Is there a standard way of preventing this sort of misuse? I thought I’d be able to hide or encrypt the user’s tokens so they can’t see them, but it doesn’t seem like that’s possible.
Cheers!
Continue reading Preventing malicious usage from users with access tokens
I have a desktop application which creates and stores a fair amount of data (mostly on its own, not through traditional user input); mostly statistical in nature.
Currently the data is mostly accessible only to other applica… Continue reading API security where the server is also client-side
I am about to develop a REST API that will only have one “user” and I am curious about how I should implement security to make it as secure as possible(hopefully implementing some protocol that I am currently unaware of).
HTTP Verb tempering using MITM attack possibilities and prevention in rest api.
If an application URL is dependent only on http method to determine it’s action, how can we reduce impact of tempering by someone using MITM tec… Continue reading HTTP Verb tempering using MITM attack possibilities and prevention in rest api
Scope
Currently we are developing a backend REST API which is consumed by handful of MVC applications. In this case we are talking only about server-server communication and the API won’t be consumed by any user directly. Th… Continue reading What’s the state-of-the-art approach to secure a backend API?
I’m creating an API for a web application that will be available to the general public. It is going to be a REST API (utilizing HTTP) to send and receive data. The web applications purpose is to provide analytics and therefor… Continue reading Authentication For Public API
There is a REST API service. An endpoint is responsible for creation of user accounts. Each user is supposed to have an RSA keypair generated and stored on a server. To protect the private keys from being read by a possible adversary, priv… Continue reading Generating RSA keypair (safety/performance) in REST service
Background
I am going to develop a solution which contains REST services( Hosted in a Web server) and mobile clients. The data that needs pass-in to/from REST services are sensitive and I need to comeup with suitable securi… Continue reading JSON Payload signin and encryption
I am making RPi based device with touchscreen and web interface. There will be core application with REST API, separate application for controlling touchscreen (on localhost) and one more for serving website. Nginx for https,… Continue reading Override authentication for REST API resource on localhost