Questions tagged [api-security]
39 questions
0 votes, 0 answers
OTK (Open Token) vs JWT
What is the purpose of Open Token (OTK), and how is it different from JWT? I understand the technical implementation is different, but apart from that, what is the difference in terms of usage? When to use a JWT and when to use an Open Token?

Avinash Singh
0 votes, 1 answer
How does Google API restriction work for Android?
Apparently, Google offers a system that allows API consumers to use their APIs only in Android applications for security.
To use this system, you only need to give the Android package name and the SHA-1 key of your application's Keystore file.
Can…

ridvanaltun
0 votes, 0 answers
Securing public APIs for access by intended people only
I have several endpoints to be accessed by third parties. (These are not registered users.)
I am looking for the best way to ensure no anonymous request receives the data.
I have thought of using RSA: I give a public key through another endpoint, that…

Mbanda
0 votes, 1 answer
Azure APIM, API security implementation, JWT
I want to implement security for my APIs in Azure APIM. I am looking for an implementation of the JWT validation policy for my APIs in APIM, so that my APIs are secure and tokens are validated. I cannot find any good article that explains to me how to…

Rajesh
0 votes, 1 answer
Use OAuth2.0 Resource Owner Password credentials to access a secured API
I have a secured API, student API, which I am able to access via the OAuth2.0 client credentials flow, which creates an access token using IConfidentialClientApplication app and accesses the secured app.
Now I come to accessing the secured API using OAuth 2.0…
0 votes, 1 answer
Supply a new JWT in case of expiration
My customer is a company that has credentials for my webserver, and I want him to let his end-users call my API with a JWT that I supply to him. This is the flow:
The end-user asks for a web page from the customer's webserver
If the end-user has…

Yair Cohen
0 votes, 1 answer
Does it make sense to have an API key for accessing my api on my frontend?
As I understand, API keys are typically used for 3rd party access, but does it make sense to use one in order to verify it's my frontend talking to the API? I want to secure my API as best as it can be, so any other ideas for improving its security…

b00n.
-2 votes, 1 answer
Preventing requests from being sent from different devices
I have a Spring Boot project with a login endpoint that generates a token for accessing other endpoints. When a user logs in from a specific device (browser or application), I want to add a security measure that prevents the generated token from…

Eltac Shikhsaidov
-2 votes, 1 answer
How can I protect my Java Spring Boot API with my own Custom Token System?
I am trying to protect my Java Spring API with a Token System.
The aim is that I can say whether the token has privileges and which ones (Token xyz is Admin or just a User).
In the Controller I'd like to say that only Admins are allowed to call the method.
I…