Make my web api safe?

Question

Make my web api safe?

I am creating a simple web api that returns json.

It will perform simple crud operations.

What is the best way to authenticate users, OAuth seems to be the main recommendation here, but I'm looking for something that I can implement myself, a token-based key and API?

Any advice on suggestions for ideas would be great, thanks

UPDATE: Forgot to mention, this API will not be for general consumption, it is only for my own use, but I want to make sure that someone cannot enter too easily if they stumble upon it.

+8

security api web

Rigertt song Nov 07 '11 at 15:01

source share

1 answer

rook · Accepted Answer · 2011-11-07T15:15:14+0000

First of all, in order to create a good API, you must use other people's APIs to see how they work. To be RESTful, an API key is used, which is simply a very large random number or "cryptographic nonce". But in fact, this is exactly the same as the immortal session identifier for searching user authentication information, which is not so great. OAuth is great if you want your own kerberos system to be very secure.

Maybe hijack json response , which is a trap against json. If an API key is required for each request, the attacker cannot use this method.

Make my web api safe?

More articles: