I am developing a SaaS-based application where users can call the API from their websites. Basically, it can be called from static websites. How to secure the web API call without getting spammed and allow it to be called only by registered users?
1 Answer
There are many possibilities to secure web services. However, the basic idea is to give clients a clientId. Each time a legit client (holding the clientId) logs in, it provides that clientId, username and password, which are checked against a database. If the clientId is there, then the username and password get validated.

ACV
- Web services get called from static websites. So there's no login concept. End applications will just make a call to the API using a JavaScript Ajax request. – Sunny Aug 27 '16 at 06:11
- There must be a login concept if you want secure web services. However, just to make sure that only registered users use your API, give each user a token and they will use it during each request. But this can be read from the source code of the HTML/JS app, so it is not secure. In AngularJS this happens on the server side of your Angular app, so it is more secure. Look here for an alternative solution: https://oauth.net/2/ – ACV Aug 27 '16 at 18:46
- Look here for Java-based web services solutions: http://stackoverflow.com/questions/4817643/how-to-secure-restful-web-services?rq=1 – ACV Aug 27 '16 at 18:47
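
The check order described in the answer (clientId first, then username and password against a database), written out as an added example that is not code from the answer or its comments. The in-memory store, the sample clientId and account, the function names and the choice of scrypt for password hashing are all assumptions; as the comment thread notes, a value shipped in static page source is readable, so the clientId here only identifies the caller and the password is the secret.

```javascript
// Added example: server-side clientId + username/password check (Node.js).
const crypto = require("crypto");

// Hash a password with scrypt and a per-user salt; plaintext is never stored.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Constructed sample data standing in for the database tables.
const registeredClients = new Set(["client-7f3a"]); // hypothetical clientId
const users = new Map();

function addUser(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: hashPassword(password, salt) });
}
addUser("alice", "correct horse battery staple"); // constructed account

// Placeholder record so unknown usernames cost the same work as known ones.
const dummy = { salt: Buffer.alloc(16), hash: Buffer.alloc(32) };

// Returns { ok, reason }. The clientId is looked up first; only when it is
// registered are the username and password validated.
function authenticate(clientId, username, password) {
  if (typeof clientId !== "string" || !registeredClients.has(clientId)) {
    return { ok: false, reason: "unknown_client" };
  }
  if (typeof username !== "string" || typeof password !== "string") {
    return { ok: false, reason: "bad_credentials" };
  }
  const record = users.get(username) || dummy;
  const candidate = hashPassword(password, record.salt);
  // Constant-time comparison avoids leaking how many hash bytes matched.
  const match = crypto.timingSafeEqual(candidate, record.hash);
  if (!match || record === dummy) {
    // Same answer for "no such user" and "wrong password".
    return { ok: false, reason: "bad_credentials" };
  }
  return { ok: true, reason: null };
}
```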