Questions tagged [api-gateway]

22 questions
0 votes, 1 answer

Does "validating" a JWT token prove authentication with OpenId?

I have a static React app which users log in to via an Okta SPA app. The app receives a JWT, which is stored in the browser and passed to the backend API via the Authentication header on every request. The API uses Azure API Management. They provide…

NSjonas
0 votes, 0 answers

How can I secure an API used for app secret keys without using CORS, created using AWS API Gateway?

I am using an API, made using an AWS service named API Gateway [which may not be of great importance]. I have gone through various articles mentioning that rather than storing secret keys directly in an app, you should be retrieving them through an…
0 votes, 2 answers

Is there any additional overhead over using OAuth vs client certificates?

I have a requirement to add security between service-to-API communication. The current implementation is client certificates. The client gets a certificate and just sends it in a cookie to the API. The API does zero verification of the certificate. It…
0 votes, 0 answers

How to prevent horizontal escalation attacks when a centralized authorization service as gateway is used?

Say I have a gateway which provides authorization mechanisms by validating a JWT; behind an API gateway there are different micro-services but only the gateway port is public. As a software designer you decide to make all micro-services unaware of…
0 votes, 2 answers

How can API documentation be helpful to exploit any application?

Here I want to understand: if private API documentation is exposed, how can a hacker exploit the application, as all the endpoints have authorization and authentication? Is it really going to be helpful for a hacker to exploit with documentation…

Nitin Rastogi
0 votes, 1 answer

May I use OAuth2 for non third-party applications?

I need some help to understand my problem. I'm studying a way to provide authentication for my applications. My scenario: I've a set of APIs with restricted access and users that will be authenticated and authorized to consume these resources. I'm…

Simio
0 votes, 2 answers

REST API security guideline. Developer rules?

In my current project I am also setting up the area of security testing. So far there was no way to use security within the REST API development. Besides the known approach, e.g. using static software solutions within a staging environment, the topic…

Mornon