Burgaz

Reputation: 257

Blocking REST API calls

Is there a way to block REST API calls to a non-authorized client? Is there a way to make the API "limited" to (public for) only a small number of well-defined clients?

Thanks :-)

Upvotes: 1

Views: 5356

Answers (3)

Carlos Gavidia-Calderon

Reputation: 7243

You just need to implement security mechanisms in your RESTful Service, so it denies access to unauthorized clients (with a 404 or 401 response code). There are several ways to achieve this:

  • Rely on HTTP authentication mechanisms, like Basic Authentication
  • Implement a custom authentication framework that overcomes HTTP Basic Authentication limitations. Amazon has an interesting approach that includes custom HTTP headers and supports hashing.
  • Use an existing security framework and add its capabilities to your service. Spring Security sounds like a great option.

Upvotes: 1
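The custom-header-plus-hashing idea from the answer above, as an added example (not part of the original answer, and not Amazon's actual scheme): each allowed client holds a shared secret and sends its ID, a timestamp and an HMAC over the request, and the server answers 401 for anything else. The client IDs, secrets, canonical string layout and 5-minute window are assumptions, and `HexFormat` needs Java 17 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.HexFormat;
import java.util.Map;

public class SignedRequestVerifier {
    // Allow-list of known clients (constructed values; real secrets belong in a secret store).
    private static final Map<String, byte[]> CLIENT_SECRETS = Map.of(
        "client-a", "constructed-secret-a".getBytes(StandardCharsets.UTF_8),
        "client-b", "constructed-secret-b".getBytes(StandardCharsets.UTF_8));
    private static final Duration MAX_SKEW = Duration.ofMinutes(5); // assumed replay window

    // HMAC-SHA256 over the parts of the request that must not be altered in transit.
    static String sign(byte[] secret, String method, String path, String ts, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        String canonical = method + "\n" + path + "\n" + ts + "\n" + body;
        return HexFormat.of().formatHex(mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8)));
    }

    // Returns the HTTP status to answer with: 200 if the request is authentic, else 401.
    static int verify(String clientId, String ts, String signature,
                      String method, String path, String body, Instant now) throws Exception {
        byte[] secret = CLIENT_SECRETS.get(clientId == null ? "" : clientId);
        if (secret == null || ts == null || signature == null) return 401; // not on the allow-list
        Instant sent;
        try { sent = Instant.parse(ts); } catch (DateTimeParseException e) { return 401; }
        if (Duration.between(sent, now).abs().compareTo(MAX_SKEW) > 0) return 401; // stale or replayed
        byte[] expected = sign(secret, method, path, ts, body).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so response timing does not leak the expected signature.
        return MessageDigest.isEqual(expected, signature.getBytes(StandardCharsets.UTF_8)) ? 200 : 401;
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed clock for the demo
        String ts = "2024-01-01T11:59:30Z";
        String sig = sign(CLIENT_SECRETS.get("client-a"), "GET", "/orders/7", ts, "");
        System.out.println(verify("client-a", ts, sig, "GET", "/orders/7", "", now)); // known client, intact request
        System.out.println(verify("client-a", ts, sig, "GET", "/orders/8", "", now)); // path changed after signing
        System.out.println(verify("client-x", ts, sig, "GET", "/orders/7", "", now)); // client not on the allow-list
        System.out.println(verify("client-a", "2024-01-01T11:00:00Z", sig, "GET", "/orders/7", "", now)); // stale timestamp
    }
}
```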

andih

Reputation: 5603

If you are using RESTful HTTP, you can add an HttpServletFilter to your web.xml which prevents unauthorized clients from accessing your REST methods.

See Securing JAX-RS and RESTeasy

If you use the Spring Framework and you don't want to implement your own HttpServletFilter, you can use Spring Security.

Upvotes: 1

user121356

Reputation:

You can deploy mutually-authenticated SSL between your clients and your server. You can use self-signed certificates here so you don't need to buy any from a CA. This will ensure that your server only accepts requests from clients that have the client-side certificate (configure your server to only accept the self-signed client certificates deployed on your clients for client authentication).

Upvotes: 2
