SLIDE 1
REST API Security
Jamie Wallace EBSCO LearningExpress
Physics 25 Years in Software Director of Software Development
REST API Security Jamie Wallace EBSCO LearningExpress Physics 25 - - PowerPoint PPT Presentation
REST API Security Jamie Wallace EBSCO LearningExpress Physics 25 - - PowerPoint PPT Presentation
REST API Security Jamie Wallace EBSCO LearningExpress Physics 25 Years in Software Director of Software Development What is REST? Security? Solutions Implementation What is REST? Security? Solutions Implementation What is REST?
SLIDE 2
SLIDE 3
What is REST? Security? Solutions Implementation
SLIDE 4
What is REST? Security? Solutions Implementation
SLIDE 5
What is REST? Security? Solutions Implementation
SLIDE 6
What is REST? Security? Solutions Implementation
SLIDE 7
REST
SLIDE 8
RE S T
tate presentational ransfer
SLIDE 9
CRUD HTTP verbs
using
SLIDE 10
API key
most web services only use an
SLIDE 11 Request Request Request Validator API Key
SLIDE 12 Key Request Validator API
SLIDE 13 Key Request Validator API
SLIDE 14 Request Validator API
SLIDE 15
Server Side Client Side
SLIDE 16
Authorized client Valid and unmodified request No replay attacks All users
SLIDE 17
Authorized client Valid and unmodified request No replay attacks All users
SLIDE 18
Authorized client Valid and unmodified request No replay attacks All users
SLIDE 19
Authorized client Valid and unmodified request No replay attacks All users
SLIDE 20
Domain Cookie Solution Time based One Time Password JSON Web Token
SLIDE 21 Request SessionID Header SessionID Cookie Validator API
SLIDE 22 Request SessionID Header SessionID Cookie Validator API
SLIDE 23 Request SessionID Header SessionID Cookie Validator API
SLIDE 24 Request Validator API
SLIDE 25
Single Domain Multiple Domain
SLIDE 26 Request SessionID Header SessionID Cookie Validator API
SLIDE 27
Domain Cookie Solution Time based One Time Password JSON Web Token
SLIDE 28 Time Periods Key HMAC
SLIDE 29 TOTP Time Periods Key HMAC
SLIDE 30 Ç Key HMAC TOTP
SLIDE 31 Request Validator API TOTP
SLIDE 32 Request Validator API TOTP
SLIDE 33 Request Validator API TOTP
SLIDE 34 Request Validator API
SLIDE 35
Domain Cookie Solution Time based One Time Password JSON Web Token
SLIDE 36 Header Key HMAC Payload
SLIDE 37 Signature Key Payload Header Signature HMAC
SLIDE 38 Key Payload Header HMAC Signature
SLIDE 39 Request Validator API JWT
SLIDE 40 Request Validator API JWT
SLIDE 41 Request Validator API JWT
SLIDE 42 Request Validator API
SLIDE 43
Application Fingerprint
SLIDE 44
JWT with
Signature Service
SLIDE 45 TS String TS 115GHI 115DEF 115ABC Key 10 20 30 HMAC
SLIDE 46 115GHI String TS TS 115DEF 115ABC Key 10 20 30 HMAC
SLIDE 47 115GHI String TS TS 115DEF 115ABC Key 10 20 30 HMAC Hash
SLIDE 48
Encrypting JWT with
Encryption Service
SLIDE 49 TS String TS 115GHI 115DEF 115ABC Key 10 20 30 HMAC
SLIDE 50 115GHI String TS TS 115DEF 115ABC Key 10 20 30 HMAC
SLIDE 51 115GHI String TS TS 115DEF 115ABC Key 10 20 30 HMAC Encrypted
- r Decrypted
SLIDE 52
Client Manager Validator Signature Service Encryption Service Key Store
SLIDE 53
Client Manager Validator Signature Service Encryption Service Key Store
SLIDE 54
Client Manager Validator Signature Service Encryption Service Key Store
SLIDE 55
Client Manager Validator Signature Service Encryption Service Key Store
SLIDE 56
Client Manager Validator Signature Service Encryption Service Key Store
SLIDE 57