Matt

Reputation: 1911

API design and security when dealing with AJAX

I'm beginning to build out an API using .NET Web API. I'm coming across scenarios where I need to think about how to prevent abuse of my API. Take this example:

On my account creation form, I have a client-side check to see if the username is taken. This check is something like this:

// Assumes jQuery is loaded. Synchronously asks the API whether a username is already taken.
function usernameExists(name) {
    var exists = false;

    $.ajax({
        // encode the name so characters like '&' or '#' cannot break the query string
        url: '/api/people?username=' + encodeURIComponent(name),
        method: 'GET',
        async: false,
        success: function (response) {
            exists = response; // the API returns a bare boolean
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            //alert('error');
        }
    });

    return exists;
}

My ultimate question is: how do I best secure my API so that someone can't build something that just pings https://example.com/api/people?username=blah looking for info? I've read about adding Basic Auth, but how is that design best implemented in this scenario?

Upvotes: 0

Views: 95
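The abuse the question describes is a script hammering the username lookup to enumerate accounts. Whatever the authentication story ends up being, the endpoint itself can be made a poor enumeration tool by validating the input strictly and throttling lookups per client. The following is an added example, not code from the question or from the .NET Web API framework; the logic is framework-neutral and in ASP.NET Web API would sit in an action filter or message handler. The window size, limit, client keys and the in-memory user store are assumptions for illustration.

```javascript
// Added example (not from the question or the answer): server-side throttling and
// input validation for a username-availability lookup such as
// GET /api/people?username=<name>. In ASP.NET Web API the same check would sit in
// an action filter or message handler. Window, limit, keys and user store are assumed.

const WINDOW_MS = 60 * 1000; // sliding window length
const MAX_LOOKUPS = 10;      // lookups allowed per client key per window

// client key (e.g. remote IP or session id) -> timestamps (ms) of recent lookups
const history = new Map();

// Decide whether one more lookup is allowed for clientKey at time nowMs.
// Returns { allowed, retryAfterMs }; retryAfterMs is 0 when allowed.
function checkRate(clientKey, nowMs, state = history) {
  const recent = (state.get(clientKey) || []).filter(t => nowMs - t < WINDOW_MS);
  if (recent.length >= MAX_LOOKUPS) {
    state.set(clientKey, recent);
    // The oldest entry still inside the window decides when a slot frees up.
    return { allowed: false, retryAfterMs: WINDOW_MS - (nowMs - recent[0]) };
  }
  recent.push(nowMs);
  state.set(clientKey, recent);
  return { allowed: true, retryAfterMs: 0 };
}

// Constructed stand-in for the account database.
const takenUsernames = new Set(['matt', 'adamdabb']);

// Handle one lookup; returns an HTTP-like { status, body } object.
// The 200 body is a bare boolean, matching what the question's client expects.
function handleUsernameLookup(clientKey, username, nowMs, state = history) {
  // Reject malformed input before it reaches storage or the rate limiter:
  // a bounded length and a narrow character set stop the endpoint from being
  // used as a free-form query oracle.
  if (typeof username !== 'string' || !/^[a-z0-9_]{3,32}$/i.test(username)) {
    return { status: 400, body: { error: 'invalid username' } };
  }
  const rate = checkRate(clientKey, nowMs, state);
  if (!rate.allowed) {
    return {
      status: 429,
      body: { retryAfterSeconds: Math.ceil(rate.retryAfterMs / 1000) },
    };
  }
  return { status: 200, body: takenUsernames.has(username.toLowerCase()) };
}
```

The client key is whatever the server can attribute a request to (remote address, session cookie, or later an API key); a per-key limit of a handful of lookups per minute is plenty for a person filling in a signup form and far too slow for bulk enumeration. Returning 429 with a retry hint keeps the legitimate client-side check working without giving a scraper unlimited throughput.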

Answers (1)

adamdabb

Reputation: 306

You could consider using Access Control rules and only allow calls from www.example.com, so if someone calls from www.othersite.com, it will reject the request.

Access Control

Same-Origin Policy

But if you're trying to allow outside sites to access your API, you will definitely need authentication. Hope this helps!!

Upvotes: 1
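The "only allow calls from www.example.com" rule in the answer is, in practice, an Origin allowlist that controls which CORS response headers the API sends. Below is an added example of that check, not code from the answer or from ASP.NET Web API (whose Microsoft.AspNet.WebApi.Cors package and EnableCors attribute implement the same allowlist); the allowed origins are assumptions.

```javascript
// Added example (not from the answer): the "only allow calls from www.example.com"
// rule as an Origin allowlist that decides which CORS response headers, if any,
// a request gets. The allowed origins are assumptions.

const ALLOWED_ORIGINS = new Set([
  'https://www.example.com',
  'https://example.com',
]);

// Classify a request by its Origin header (header names lower-cased).
//   'no-origin' : header absent; same-origin page load or a non-browser client
//   'allowed'   : cross-origin page on the allowlist
//   'denied'    : cross-origin page not on the allowlist
function classifyOrigin(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (origin === undefined) return 'no-origin';
  // Compare the whole origin (scheme + host + port). A suffix or substring
  // check such as origin.endsWith('example.com') would also accept
  // https://evilexample.com, so only exact matches count.
  return ALLOWED_ORIGINS.has(origin) ? 'allowed' : 'denied';
}

// CORS headers to add to the response, or null to add none. Without an
// Access-Control-Allow-Origin header the browser refuses to hand the response
// body to the calling page, which is the rejection the answer describes.
function corsHeadersFor(requestHeaders) {
  if (classifyOrigin(requestHeaders) !== 'allowed') return null;
  return {
    'Access-Control-Allow-Origin': requestHeaders['origin'], // echo the matched origin, never '*'
    'Vary': 'Origin',                                         // shared caches must key on Origin
    'Access-Control-Allow-Methods': 'GET',
  };
}
```

One caveat to keep in mind when reading the answer: the Origin header is attached by browsers on behalf of a web page, and a standalone script or tool can omit or set it freely, so this allowlist limits which sites can read the API from inside a browser rather than who can call it at all. That is why the answer's closing point still applies: anything beyond same-site browser use needs authentication, and the lookup endpoint should be rate limited regardless.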
