Questions tagged [rest]

An abbreviation for REpresentational State Transfer. A design pattern for stateless client-server systems. Popular in the implementation of web services.

ReST (Representational State Transfer) is a stateless client-server architecture commonly used on the web.

Use this tag on questions that are specifically about the REST aspects of a protocol, such as how to authenticate requests. If a question is about a web application but not about its RESTful aspects, just use or .

382 questions
4 votes, 1 answer

Penetration/Vulnerability testing for REST web services

Is there any tool to perform penetration/vulnerability testing on REST web services?
Navin

3 votes, 3 answers

Looking for feedback on my REST-style API authentication design and two-factor authentication

Authentication The authentication is going to be signature-based. The signature will be generated using: HMAC_SHA256(SHA1(secret_key) + '#' + request_data + '#' + utc_timestamp) The utc_timestamp will also be included into the X-Timestamp header or…
Andriy Lesyuk

2 votes, 3 answers

How do I secure my REST api that is being accessed by only one application?

Suppose we have 2 webapps, appA and appB. They communicate via REST. Say for example, when appA updates let's say, a file, it should inform appB via REST and so on. I was thinking, how do I make this secure? I mean, what if an ordinary user got the…
a6593528

1 vote, 1 answer

Where to start with api security testing?

I have the backend API of an iOS application. I would like to learn API testing on this. How to begin with API security testing? Please suggest some tutorials and tools available online.
Anonymous Platypus

1 vote, 1 answer

cURL and custom Rest API authentication exposure

I'm developing an API which is planned to use simple user and password authentication mode. I have experience with HTTP requests and tended to think everything as HTTP request. As user name and password should never be exposed, would a cURL request…
Fabiano

0 votes, 1 answer

Security concerns on API

I just encountered an API which I find pretty vulnerable. Could you clarify if my concerns are wrong? 1) For retrieving user data, an API KEY, which is unique for every user, is used. This API key is stored in the REST URL. For example, to request something,…
Heisenberg

0 votes, 1 answer

API - exposing implementation names, and other details

In my new team, we use the API of our internal clients, whose request calls and responses contain names of our accounts with the client - for example: dingobiscuits.vodafone.com/data/fetch-something And some error messages read detailed…
julie

0 votes, 0 answers

Restrict RESTful Routes to Authorized Clients

I am building an application that stores form entries. It will accept post requests from a client web application and store the information as defined in the request. For example, frontend.com makes a request to backend.com/form-entries/create. My…