The rest-security tag groups all posts related to securing REST applications.
Questions tagged [rest-security]
50 questions
2 votes, 1 answer
Using OAuth2 for securing a monolith private REST api?
Maybe this question seems opinion-based, but I am having a hard time deciding how to secure a RESTful API.
Firstly, my use-case:
My application is pretty straightforward: the front-end is written using React.js (for the browser client) and that will…

The Coder
2 votes, 1 answer
How to allow access to API only for own pages?
I'm developing a Spring Boot web application that provides a REST API. Most of my pages (Thymeleaf templates) use this API to communicate with the back-end (using AJAX requests). I have read about different approaches such as Basic Authentication, OAuth2…

Glinskiy Vladislav
2 votes, 2 answers
OAuth 2.0 Life cycle of "code" in Authorization code Grant
Authorization Code Grant: I know the code is a short-lived token exchanged for the real long-lived access token. I have gone through OAuth 2.0 but could not find this information, so I am asking here:
What is the life cycle of the code?
Is it for only…

Suraj
2 votes, 2 answers
Can a hacker surpass internet HTTP REST calls from a desktop application?
I have made desktop software in C# and I am going to make a 30-day free trial of the software. Now I will check the date and time from some server to check the date ... My question is, can the hacker hack this and produce some kind of key or steps…

Shreyans jain
2 votes, 1 answer
Access Security of Couchbase Server
I'm new to Couchbase and I couldn't find any source regarding my question.
I intend to develop a mobile application using Cordova (PhoneGap), and I think Couchbase is a good solution as a database. But I have a question regarding…

efkan
2 votes, 0 answers
Prevent XML Entity Expansion in RestEasy
I was testing WildFly 8.1 for the XXE vulnerability and found a pretty annoying thing. JAXB by default uses secure parsing and respects the entityExpansionLimit property (defaults to 64k). While it works in Spring MVC, in RestEasy it's being ignored (no…

Jakub Kubrynski
1 vote, 0 answers
Best Practices for authorizing local scripts via oauth to access Web Services
I couldn't find information on how other people solve this, so maybe you can help me out.
What I have
Multiple services with REST APIs that are secured using OpenID Connect. Connections between the services work fine.
Now I have multiple…

Chules
1 vote, 1 answer
How to prevent signed-token users from accessing the API response through browser developer tools?
The web app already implements JWT and HTTPS; the problem is that the JSON response sent from the server (Node.js) to the signed-token users is visible in the client (React.js) browser dev tools. Is there any way I could use encryption modules to prevent the…

mdpura
1 vote, 0 answers
REST API protection for public URLs
I am building a hybrid mobile app using Ionic 3. The app has a set of pages accessible by authenticated users and a set for anonymous users. The public pages are for registration requests, etc.
The app uses REST services with JWT authentication…

onlinejava
1 vote, 0 answers
Error getting response stream (Write: The authentication or decryption has failed.): SendFailure
I have a script that calls a web service over HTTPS. When I build with Swagger in C# Mono for Unity I get:
Error calling AuthenticatePost: Error getting response stream (Write:
The authentication or decryption has failed.): SendFailure
I already…

linker85
1 vote, 1 answer
OAuth 2.0 for REST Web services
I'm implementing a REST layer for an existing application. I have my user IDs and passwords stored in a database and I would like to authenticate these credentials while calling my REST services. Note that this is a standalone application.
After…

Vishal
1 vote, 1 answer
Authentication token in a query string
Our current implementation of the REST API uses the apiKey inside the query string for all types of request (PUT, POST, GET). I feel it's wrong but can't explain why (maybe the apiKey can be cached somewhere between server and client). Something like:
POST…

kharandziuk
1 vote, 1 answer
API authentication using a token
I'm working on a website and I'm not sure I understand something about authentication.
I've got a website with an external API; my website can ask my API for information to retrieve data like users, articles, ….
In addition, users can create…

jidapola
1 vote, 1 answer
RESTful Web Parameter Tampering
I am trying to understand how I can implement security using a RESTful client for an authenticated user. The scenario I am having trouble with is how to stop a user from updating a purchase that's not his own, since the RESTful client passes a purchase ID…

work monitored
1 vote, 2 answers
How to secure a REST API with query authentication
I have a REST API created by an ASP.NET web service, and I have Android and iOS applications which call the API and show some data to the user.
What I need is to secure my API in a way that only my application can access the data through the…

Mohamad MohamadPoor