Best Security Practices for Web APIs

  • Question

  • User-1946294156 posted

    My question is not about securing Web APIs (adding Authentication and the like), but more about the questions a Security Expert would pose. 

    For example, how to prevent someone from discovering API Endpoints and so on?

    Thank you in advance for all of your responses,

    Thursday, April 6, 2017 12:46 PM

Answers

  • User-2057865890 posted

    Hi Bob,

    For example, how to prevent someone from discovering API Endpoints and so on?

    By default, endpoints can be called by anyone. The best way to handle making something private to your application is always to handle it at a network level. Don't even expose the Web API to the outside world. You should use auth to ensure people don't mess with your private APIs - otherwise people could trace what kind of POST or GET requests you're sending anyway - auth is always a good idea rather than trying to keep your APIs secret.

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, April 7, 2017 7:33 AM