It's my first time building and deploying a REST API with just the standard library. Are there any gotchas I should keep an eye out for regarding securing my REST API?
Viewed 355 times
If you look in the "Related" section on the side, you will see multiple questions here about securing REST APIs. – schroeder Nov 23 '19 at 00:59
1 Answer
1
Here's the list of best practices for securing a RESTful API.

Always use HTTPS - traffic must be encrypted.

Never expose information in URLs - as this can be captured in web server logs, which makes them easily exploitable:
https://api.domain.com/user-management/users/{id}/someAction?apiKey=abcd123456789

Consider OAuth.

Add a timestamp to the request - this will prevent very basic replay attacks from people who are trying to brute force your system.

Input parameter validation - put strong validation checks in place and reject the request immediately if validation fails.

Use auditing and logging - any subject or entity can be audited.

For more information, OWASP provides a cheat sheet found here.
Al Francis
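The following is an added example (not part of the question or of Al Francis's answer) that shows how several of the listed practices look in a standard-library-only API. It assumes the "standard library" in question is Go's net/http, and it assumes a few names that are not on the page: an X-Request-Timestamp header carrying Unix seconds, a five-minute acceptance window, a numeric user-id validation rule, and placeholder certificate paths. The API key is deliberately read only from the Authorization header, never from the query string, and the audit log records the path but not the query string or header values.

```go
package main

import (
	"errors"
	"log"
	"net/http"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// maxSkew is the assumed window within which a request timestamp is accepted.
// Anything older, or further in the future, is rejected as a possible replay.
const maxSkew = 5 * time.Minute

// userIDPattern is an assumed allow-list rule for the {id} path segment:
// 1 to 12 decimal digits, nothing else.
var userIDPattern = regexp.MustCompile(`^[0-9]{1,12}$`)

var (
	errNoTimestamp    = errors.New("missing X-Request-Timestamp header")
	errBadTimestamp   = errors.New("timestamp is not a Unix seconds integer")
	errStaleTimestamp = errors.New("timestamp outside the accepted window")
	errBadUserID      = errors.New("user id must be 1-12 digits")
)

// checkTimestamp parses the (assumed) X-Request-Timestamp header value as Unix
// seconds and rejects it when it lies outside +/- maxSkew of now.
func checkTimestamp(header string, now time.Time) error {
	if header == "" {
		return errNoTimestamp
	}
	secs, err := strconv.ParseInt(header, 10, 64)
	if err != nil {
		return errBadTimestamp
	}
	diff := now.Sub(time.Unix(secs, 0))
	if diff < 0 {
		diff = -diff
	}
	if diff > maxSkew {
		return errStaleTimestamp
	}
	return nil
}

// validateUserID applies the allow-list rule and fails closed on anything
// that does not match it.
func validateUserID(id string) error {
	if !userIDPattern.MatchString(id) {
		return errBadUserID
	}
	return nil
}

// userHandler serves /users/{id}. The id comes from the path and is validated
// before use; the API key is expected in the Authorization header only.
func userHandler(w http.ResponseWriter, r *http.Request) {
	id := strings.TrimPrefix(r.URL.Path, "/users/")
	if err := validateUserID(id); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if r.Header.Get("Authorization") == "" {
		http.Error(w, "missing credentials", http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_, _ = w.Write([]byte(`{"id":"` + id + `"}`))
}

// replayGuard wraps a handler: requests with a missing or stale timestamp are
// refused before the handler runs, and each decision is written to the audit
// log. Only method, path and client address are logged, never the query
// string or any header value, so no secret ends up in the log file.
func replayGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := checkTimestamp(r.Header.Get("X-Request-Timestamp"), time.Now())
		if err != nil {
			log.Printf("audit: reject %s %s from %s: %v", r.Method, r.URL.Path, r.RemoteAddr, err)
			http.Error(w, "request rejected", http.StatusUnauthorized)
			return
		}
		log.Printf("audit: allow %s %s from %s", r.Method, r.URL.Path, r.RemoteAddr)
		next.ServeHTTP(w, r)
	})
}

// newMux builds the routed handler with the replay guard applied to every route.
func newMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/users/", userHandler)
	return replayGuard(mux)
}

func main() {
	// HTTPS only. cert.pem and key.pem are placeholder paths for your own
	// certificate and private key.
	log.Fatal(http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", newMux()))
}
```

A client sends `X-Request-Timestamp: <unix seconds>` and `Authorization: <token>` with each request; a captured request replayed more than five minutes later is refused at the middleware before any handler code runs. The timestamp check on its own does not stop a replay inside the window, which is why the answer pairs it with TLS and a credential that is not visible in the URL.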