The second topic covered at the Burgas IT Pro Meetup was Securing RESTful APIs, presented by Zlatomir Haralambov, a senior software engineer at Codific who mainly works on security-focused projects. He said that some people may try to convince you that you can create a secure API within 10 minutes, but you shouldn't be fooled: there is a lot to keep in mind when you work on the security part of your project. You wouldn't leave your car unlocked, so why would you do so with your data? Implementing and deploying APIs securely is essential, and Zlati showed us a few tips and tricks:
Mandatory use of HTTPS.
Implementation of rate limits.
Security tokens in the header and in cookies.
Protection against CSRF attacks.
Enforcement of strict CORS policies.
Cookies vs JWT vs Authorization headers.
Check the video to see if you are missing something on securing APIs. Stay protected, stay secure!
You can also check part 1: Temple OS.