6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Making a secure rest get request\",\"text\":\"

Usually if I want to return some data from a server, I would make a POST request with some token inside the request body:

\\n\\n

$token = filter_input(INPUT_POST, 'token');\\n$request = filter_input(INPUT_POST, 'request');\\n

\\n\\n

But what about securing GET rest api requests? I don't want to place tokens inside the URL. How should I send a security token inside a GET request?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"user99999\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","rest",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/rest/1","children":"rest"}]}],["$","span","http",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/http/1","children":"http"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/56838bc3d329b0083e555f575f25f7f5?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"user99999","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/5479258/user99999","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"user99999"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",2024]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Making a secure rest get request"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Usually if I want to return some data from a server, I would make a POST request with some token inside the request body:

\n\n

$token = filter_input(INPUT_POST, 'token');\n$request = filter_input(INPUT_POST, 'request');\n

\n\n

But what about securing GET rest api requests? I don't want to place tokens inside the URL. How should I send a security token inside a GET request?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",123]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","41262305",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/aae7d435dd17b266b3d66c531b765ad1?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Andrei Filimon","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4721076/andrei-filimon","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Andrei Filimon"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1188]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Place the token in the request header (for all request types,not just for GET).This is the recommended way.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","15712352",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15712352","className":"text-blue-600 hover:underline","children":"Good way to secure GET request?"}]}],["$","li","29883223",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29883223","className":"text-blue-600 hover:underline","children":"Secure ajax GET/POST request for server"}]}],["$","li","5816233",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5816233","className":"text-blue-600 hover:underline","children":"How to build a secure and RESTful service in PHP?"}]}],["$","li","33108399",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/33108399","className":"text-blue-600 hover:underline","children":"Secure PHP REST API"}]}],["$","li","31210038",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31210038","className":"text-blue-600 hover:underline","children":"GET request with authentication"}]}],["$","li","30440504",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30440504","className":"text-blue-600 hover:underline","children":"Sending HTTP GET Request Using PHP"}]}],["$","li","26303216",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26303216","className":"text-blue-600 hover:underline","children":"Security PHP RESTful API"}]}],["$","li","15892228",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15892228","className":"text-blue-600 hover:underline","children":"Secure AJAX request to URI"}]}],["$","li","13571716",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/13571716","className":"text-blue-600 hover:underline","children":"How to secure Rest Based API?"}]}],["$","li","6166599",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6166599","className":"text-blue-600 hover:underline","children":"Securing GET call"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Making a secure rest get request

Answers (1)

Related Questions