Token-based security in a REST API
Share on Mastodon
Series: What is REST?, A Basic REST API, Paging, Search, Security, Token, OpenID.
We are implementing a REST API. Today, adding to the security we already have by making a security token that is stored in a cookie:
Slides: Token-based security in a REST API.
Code: poemtube on github.
Good evening Andy, I have some problem to understand Rest security. I don’t know if you can help me. Firstly I’m confuse for making the different between API and the Backend, and secondly I don’t know what points to concern the Rest API security. By following your video you focused on authentication and autorization, my question for this is what about injections, CSRF, XSS, …
Thanks.
Hi Dieu Merci, can you ask a more specific question? I don’t know how to answer this.
how to protect an Rest API from Sql injections, CSRF attack?
I suggest looking at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project – the security aspects of a REST API are similar to other projects, except that there is usually no JavaScript running in the process. However, often the results of an API request are processed inside JavaScript, so many of the same ideas are relevant.