Reputation: 2106
Protect .Net Web API Query String
I have these .Net RESTFull GET APIs that contain query string. Ex: https://my.api.com/employee/get?empId=123&uId=234&type=456
The security team of my customer tested my product. They dont want to expose the plain value of empId and uId query parameter when they inspect the nextwork tab in Chrome dev tool (press F12).
I used ajax to call these APIs from web client to .Net Web API Server.
How can I protect the query string parameter value? Which way to easy encode parameter from ajax calling and decode from API Server?
Upvotes: 0
Views: 255
Answers (1)
Reputation: 76
You already have the answer, that is encrypt the querystrings. So basically you need to encrypt in js and decrypt in c#. You can use AES algorithm a sample is available here
Upvotes: 1
Related Questions
- Ways to secure an anonymous Web API request
- Prevent XSS on webapi
- Protect Web API from Cross-Origin requests
- Protect sensitive data with REST Web Api
- How can I protect an HTTP REST API from malicious use?
- C# Web API - Security for some of the GET requests
- How to Secure ASP.NET Web API with Cross Domain AJAX Calls?
- ASP.NET Web Api - Authorise from querystring values and API security
- How to secure AJAX request in ASP.NET?
- Securing ajax calls