
What are the best practices to be followed while designing a secure RESTful web service?

1 Answer


As RESTful web services work with HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured. Following are the best practices to be followed while designing a RESTful web service −

  • Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.

  • Session-based authentication − Use session-based authentication to authenticate a user whenever a request is made to a Web Service method.

  • No sensitive data in URL − Never use username, password or session token in the URL; these values should be passed to the Web Service via the POST method.

  • Restriction on Method execution − Allow restricted use of methods like GET, POST, DELETE. GET method should not be able to delete data.

  • Validate Malformed XML/JSON − Check for well-formed input passed to a web service method.

  • Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden etc.
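The checklist above, combined into one request gate as an added example (not part of the original answer). The route table, the sensitive parameter names and the `quantity` field are hypothetical, chosen only to illustrate the checks.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Hypothetical route table: the HTTP methods each path accepts.
# A GET route never maps to a handler that deletes data.
ALLOWED_METHODS = {"/orders": {"GET", "POST"}, "/orders/item": {"GET", "DELETE"}}
# Query parameter names that must never carry secrets in a URL (assumed list).
SENSITIVE_PARAMS = {"username", "password", "session", "token"}
# Generic messages only: no stack traces, SQL text or parser details.
GENERIC = {400: "Bad Request", 401: "Unauthorized",
           404: "Not Found", 405: "Method Not Allowed"}

def check_request(method, url, body=b"", session_valid=False):
    """Return (status, message); 200 means the request may reach its handler."""
    method = method.upper()
    parts = urlsplit(url)
    allowed = ALLOWED_METHODS.get(parts.path)
    if allowed is None:
        return 404, GENERIC[404]
    if method not in allowed:                      # restriction on method execution
        return 405, GENERIC[405]
    query = parse_qs(parts.query, keep_blank_values=True)
    if SENSITIVE_PARAMS & {name.lower() for name in query}:
        return 400, GENERIC[400]                   # credentials or token in the URL
    if not session_valid:                          # session checked on every call
        return 401, GENERIC[401]
    if method == "POST":
        try:
            payload = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):   # malformed JSON
            return 400, GENERIC[400]
        if not isinstance(payload, dict):
            return 400, GENERIC[400]
        # Server-side validation: strict type and range, so injection text
        # in a numeric field never reaches a query.
        qty = payload.get("quantity")
        if type(qty) is not int or not 1 <= qty <= 100:
            return 400, GENERIC[400]
    return 200, "OK"

if __name__ == "__main__":
    # Constructed sample requests.
    print(check_request("GET", "/orders?token=abc", session_valid=True))
    print(check_request("POST", "/orders", b'{"quantity": 2}', True))
```

Every rejection returns only a status code and a fixed phrase, so the caller learns nothing about which parser or query failed.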