Best security practices when sending a credit card number to the REST API from iOS

My application must interact with the API; we can easily do this in order to send and receive data.

Now we send everything as plain text as a parameter of the URL.

I'm by no means a security expert, but common sense tells me that the credit card number must be encrypted during the transfer.

The server may worry about storage, my only problem is the actual data transfer.

From my reading, I promise that I need a private key encryption algorithm, since it must be canceled by the server to receive the actual data.

Is it already well implemented in CommonCrypto?

What would be your recommendation?

I want to do this using iOS, and I'm sure that the security framework has tools for this task, I just don't know where to look or what to look for.

Thanks!

+4
1 answer

You should absolutely not use URL parameters for credit card information. URLs accessed by other clients on the network can be easily sniffed and written down by other computers on the network (with certain limitations, of course).

You must send the information using the POST parameters so that they are contained in the body of the message, not the URL itself. Then, while you send to the HTTPS page, the data should be secure without the need for encryption in the first place (the message itself is encrypted using SSL in this case).

+7
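
An added example, not part of the original answer: one way to build the request the answer describes in Swift with Foundation, with the card fields in the POST body and any non-HTTPS endpoint rejected. The endpoint URL, the field names and the card number are constructed placeholders.

```swift
import Foundation

enum CardRequestError: Error { case insecureEndpoint, encodingFailed }

// RFC 3986 unreserved characters; everything else in a form value is percent-encoded.
let unreserved = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

func formEncode(_ value: String) throws -> String {
    guard let encoded = value.addingPercentEncoding(withAllowedCharacters: unreserved) else {
        throw CardRequestError.encodingFailed
    }
    return encoded
}

/// Builds a POST request that carries the fields in the body, never in the URL.
func makeCardRequest(endpoint: URL, fields: [String: String]) throws -> URLRequest {
    // Reject plain HTTP, and reject URLs that already carry a query string,
    // so nothing sensitive can end up in proxy or server access logs.
    guard endpoint.scheme?.lowercased() == "https", endpoint.query == nil else {
        throw CardRequestError.insecureEndpoint
    }
    let body = try fields.sorted { $0.key < $1.key }.map { pair -> String in
        let key = try formEncode(pair.key)
        let value = try formEncode(pair.value)
        return key + "=" + value
    }.joined(separator: "&")

    var request = URLRequest(url: endpoint)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = Data(body.utf8)
    request.cachePolicy = .reloadIgnoringLocalCacheData
    return request
}

/// Session that keeps no cache, cookies or credentials on disk.
func makeCardSession() -> URLSession {
    let config = URLSessionConfiguration.ephemeral
    config.urlCache = nil
    return URLSession(configuration: config)
}

// Constructed sample values (hypothetical endpoint, standard test card number).
let endpoint = URL(string: "https://api.example.com/v1/payments")!
let request = try makeCardRequest(endpoint: endpoint,
                                  fields: ["card_number": "4111111111111111", "exp": "12/30"])
makeCardSession().dataTask(with: request) { _, response, error in
    // Handle the server's reply here; avoid logging the request body.
}.resume()
```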