Reputation: 1
Secure a public REST API
I'm providing a service on my site and display advertising to provide it for free. Currently, I'm using standard synchronous POST requests : the user submit the form, my server is processing the result page and display it. Due to some performance reason, I want to make my site asynchronous : create a REST/JSON API that will be queried from the user browser using Javascript, returns the service result that will be processed by the javascript code on my site to display it. My concern is that I don't want to let anyone use this API (which could be discovered easily by using some HTTP proxy).
Did you already faced this kind of issue ?
Thank you
Upvotes: 0
Views: 1181
Answers (1)
Reputation: 12730
It sounds like you want to implement an authentication module. I've used 2 different (java centric) approaches to secure RESTful web services.
I've used Spring Security for some basic HTTP authentication and would work if the services you are implementing are deployed to a Java Servlet Container or Application server. It's fairly lightweight and easy to get started.
Currently we're using OpenAM for our services which is similar to the Spring module in theory, but takes a different approach. In my opinion, it's more robust and more enterprise level, but takes longer to learn, set up, and configure.
Either approach will allow you to secure access to your RESTful API (urls).
Upvotes: 2
Related Questions
- Securing API requests from Javascript
- Is there a way to secure a public endpoint?
- Secure Ajax call On Rest Api
- How to make a web API private
- RESTful security authorization
- Securing JavaScript API
- Securing AJAX API
- How to protect a private REST API in an AJAX app
- How to make REST calls secure
- REST Web Service Security with jQuery Front-End