What are the best practices to be followed while designing a secure RESTful web service?

VietMX Staff asked 3 years ago

As RESTful web services work with HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured. Following are the best practices to be followed while designing a RESTful web service:

  • Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
  • Session-based authentication − Use session-based authentication to authenticate a user whenever a request is made to a Web Service method.
  • No sensitive data in URL − Never use a username, password or session token in the URL; these values should be passed to the Web Service via the POST method.
  • Restriction on Method execution − Allow restricted use of methods like GET, POST, DELETE. The GET method should not be able to delete data.
  • Validate Malformed XML/JSON − Check for well-formed input passed to a web service method.
  • Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden, etc.
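A minimal request handler that puts the practices above into working code, added here as an illustration and not part of the original post. The in-memory item store, the session table, the allow-listed `name` field and the `handle(method, path, query, headers, body)` signature are all assumptions made for the example; a real service would sit behind a framework and a server-side session store.

```python
import json
import re

# Constructed sample state for the example (not from the original post).
ITEMS = {"1": {"name": "widget"}}
SESSIONS = {"sess-abc123": "alice"}  # session id -> user; must live server-side
# Restriction on method execution: which verbs each route may use.
ALLOWED_METHODS = {"/items": {"GET", "POST"}, "/items/<id>": {"GET", "DELETE"}}
# No sensitive data in the URL: query keys that must never carry credentials.
FORBIDDEN_QUERY_KEYS = {"username", "password", "token", "session"}
# Validation: allow-list for the only writable field, instead of a block-list.
NAME_RE = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")


def handle(method, path, query, headers, body):
    """Return (status, payload). Error payloads are deliberately generic."""
    if FORBIDDEN_QUERY_KEYS & set(query):
        return 400, {"error": "Bad request"}          # credentials do not belong in URLs
    # Session-based authentication: session id comes from a cookie, not the URL.
    user = SESSIONS.get(headers.get("Cookie", "").removeprefix("session="))
    if user is None:
        return 401, {"error": "Unauthorized"}
    route = "/items/<id>" if re.fullmatch(r"/items/\d+", path) else path
    if method not in ALLOWED_METHODS.get(route, set()):
        return 405, {"error": "Method not allowed"}  # GET can never delete here
    if method == "POST":
        try:                                          # validate malformed JSON first
            data = json.loads(body)
        except (TypeError, ValueError):
            return 400, {"error": "Bad request"}
        name = data.get("name") if isinstance(data, dict) else None
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            return 400, {"error": "Bad request"}      # rejects injection-style input
        new_id = str(max(map(int, ITEMS), default=0) + 1)
        ITEMS[new_id] = {"name": name}
        return 201, {"id": new_id}
    if method == "DELETE":
        item_id = path.rsplit("/", 1)[1]
        if item_id not in ITEMS:
            return 404, {"error": "Not found"}        # no internal detail leaked
        del ITEMS[item_id]
        return 204, None
    if route == "/items/<id>":
        item = ITEMS.get(path.rsplit("/", 1)[1])
        return (200, item) if item else (404, {"error": "Not found"})
    return 200, {"items": ITEMS}
```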