3 Securing the Natter API

This chapter covers

Authenticating users with HTTP Basic authentication
Authorizing requests with access control lists
Ensuring accountability through audit logging
Mitigating denial of service attacks with rate-limiting

In the last chapter you learned how to develop the functionality of your API while avoiding common security flaws. In this chapter you’ll go beyond basic functionality and see how proactive security mechanisms can be added to your API to ensure all requests are from genuine users and properly authorized. You’ll protect the Natter API that you developed in chapter 2, applying effective password authentication using Scrypt, locking down communications with HTTPS, and preventing denial of service attacks ...

Get API Security in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

API Security in Action by Neil Madden

3 Securing the Natter API

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly