Building a security layer around your RESTful APIs
Who is this presentation for?
- Developers, architects, and technology managers
Modern architectures are distributed and built on a layer of services. They expose data that’s very valuable to its owner and to potential bad actors. The services can expose sensitive transactional data. However, we often “secure” these services using an API key or security through obscurity. Scary as that may sound, there are solutions that can secure these services.
When designing a security solution, you must ask four key questions:
- Are the requests coming from an authorized client?
- Are the requests valid and unmodified?
- Are you protecting against replay attacks?
- Does the solution work for authenticated and nonauthenticated users?
A success solution will answer yes to all four.
James Wallace digs into the what and how of securing RESTful API requests. You’ll learn the four things that must be secure and explore several solutions to this security problem.
- A working knowledge of APIs and REST
- A basic understanding of what a hash is
What you'll learn
- Learn strategies for securing API requests and the theories behind them
James Wallace is the director of software development at EBSCO LearningExpress, where he’s both the senior architect for the company and the manager of the development team. James is a skilled, multifaceted, and pragmatic hands-on software engineering manager with 24 years of broad experience in building enterprise applications and architectures across multiple platforms and technologies.
For conference registration information and customer service
For more information on community discounts and trade opportunities with O’Reilly conferences
For information on exhibiting or sponsoring a conference
For media/analyst press inquires