Questions tagged [rest-security]

The RESTful security tag groups all posts related to securing REST applications.

50 questions
1 vote, 1 answer

Checking hashed REST API token

I authorize all REST API requests by checking the token in the Authorization header: POST /rest/resource HTTP/1.1 Host: domain.com Authorization: Bearer AbCdEf123456 The token is plain text, using HTTPS. However, the token is salted and hashed in the…
Petr B
1 vote, 1 answer

MessageSecurity with webHttpBinding

I am reading security concepts of WCF in the 'Programming WCF Services' book. In that I got points like: generally, transport security is good for intranet scenarios because of point-to-point etc. For internet scenarios, we can use message security as the…
Akhil
1 vote, 0 answers

How can I secure a restful web service for consumption by a browser client?

I have a REST service that I need to use in a browser web application using a JS MVC client framework like Backbone or Angular. But I need to ensure that my REST services are not exposed or anyone else may not be able to use my REST service to build…
mickeymoon
0 votes, 5 answers

REST API in Java using HTTPS

When I am creating REST services in Java using GET, POST etc., I am requesting them using the HTTP protocol. As soon as I use HTTPS it gives an error. For example: http://localhost:8080/demorest/webapi/aliens is working properly. But when I query same…
user9892866
0 votes, 1 answer

Usernames with .bat/.exe in the URL - alternative

I am working with a URL which takes in the username for a GET call. Ex: https://example.com/details/< username > However, if the username contains ".bat" or ".exe" (ex: mm.baty - https://example.com/details/mm.baty), there might be some security…
manvitha C
0 votes, 1 answer

How to secure REST API with API keys without Spring Security

I have a REST API MyRestApi.war which is a Spring Boot and Spring MVC project. There is another web project A.war which is a normal Spring project. Its front-end such as JavaScript and back-end such as Java code need to call MyRestApi. User need to…
frank
0 votes, 1 answer

How to verify requests in backend

I'm creating a payment Android library (aar) and I have to make sure that all of the requests that I got in the back-end are from my lib, not a fake lib. How can I do it?
0 votes, 1 answer

Client side API security

I was implementing Olark live chat on my website and all I had to do is implement the following JS code.