Rigobert Song

Reputation: 2794

Making a web API secure?

I am creating a simple web API that returns JSON.

It will perform simple crud operations.

What is the best way to authenticate users? OAuth seems to be the main recommendation here, but I'm looking for something I can implement myself simply, token based or an API key?

Any ideas, suggestions or tips would be great.

UPDATE: Forgot to mention, this API won't be for general consumption, it's just for my own use, but I want to make sure someone can't get in too easily if they stumble on it.

Upvotes: 7

Views: 1091

Answers (1)

rook

Reputation: 67039

First of all, in order to build a good API you should use other people's APIs to see how they work. To be RESTful an API key is used, which is just a really big random number or "cryptographic nonce". But really this is just like an immortal session id to look up a user's authentication information, which isn't that great. OAuth is great; if you want your own system, Kerberos is very secure.

It is possible to hijack JSON responses, which is a pitfall of JSON. If the API key is required for each request, then the attacker can't use this method.

Upvotes: 3
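The scheme the answer describes (a large random API key that is looked up to find the user and must accompany every request) as an added Python example; this is not code from the question or the answer, and the in-memory key table, the `Authorization: Bearer` header and the function names are assumptions:

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed stand-in for a database table: SHA-256(key) -> user record.
# Only the hash is stored, so a leaked table does not yield usable keys.
KEY_STORE: Dict[str, dict] = {}


def _hash_key(raw_key: str) -> str:
    return hashlib.sha256(raw_key.encode()).hexdigest()


def issue_api_key(user: str) -> str:
    """Create the 'really big random number', store its hash, return it once."""
    raw_key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    KEY_STORE[_hash_key(raw_key)] = {"user": user, "revoked": False}
    return raw_key


def revoke_api_key(raw_key: str) -> None:
    """Mark a key unusable; the 'immortal session id' problem needs a kill switch."""
    record = KEY_STORE.get(_hash_key(raw_key))
    if record is not None:
        record["revoked"] = True


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Resolve the caller from 'Authorization: Bearer <key>', or None if absent/invalid."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return None
    presented_hash = _hash_key(presented)
    # Constant-time comparison so response timing does not leak how many
    # characters of a stored hash matched.
    for stored_hash, record in KEY_STORE.items():
        if hmac.compare_digest(stored_hash, presented_hash) and not record["revoked"]:
            return record["user"]
    return None


def handle_request(headers: Dict[str, str], path: str) -> Tuple[int, dict]:
    """Every request, not only a login call, must carry the key; otherwise 401."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "unauthorized"}
    return 200, {"path": path, "owner": user}
```

Because the check runs on each request rather than once per session, a page that merely loads the JSON endpoint from another origin carries no key and is refused.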
