REST API Security Jamie Wallace EBSCO LearningExpress
Physics 25 Years in Software Director of Software Development
What is REST? Security? Solutions Implementation
REST
REpresentational State Transfer
CRUD using HTTP verbs
Most web services only use an API key
[Diagram: Request with API Key, Validator, API]
Client Side, Server Side
Authorized client; Valid and unmodified request; No replay attacks; All users
Solution: Domain Cookie, Time-based One-Time Password, JSON Web Token
[Diagram: Request with SessionID Header and SessionID Cookie, Validator, API]
Single Domain, Multiple Domain
Solution: Domain Cookie, Time-based One-Time Password, JSON Web Token
[Diagram: Time Periods, HMAC Key, TOTP]
[Diagram: Request with TOTP, Validator, API]
Solution: Domain Cookie, Time-based One-Time Password, JSON Web Token
[Diagram: Header, Payload, HMAC Key, Signature]
[Diagram: Request with JWT, Validator, API]
Application Fingerprint
JWT with Signature Service
[Diagram: TS, String; key table (TS, Key): 10 115ABC, 20 115DEF, 30 115GHI; HMAC; Hash]
Encrypting JWT with Encryption Service
[Diagram: TS, String; key table (TS, Key): 10 115ABC, 20 115DEF, 30 115GHI; HMAC; Encrypted String or Decrypted String]
Client, Manager, Validator, Encryption Service, Signature Service, Key Store
Q & A