REST API Security Jamie Wallace EBSCO LearningExpress Physics 25 - PowerPoint PPT Presentation

REST API Security Jamie Wallace EBSCO LearningExpress

Physics 25 Years in Software Director of Software Development

What is REST? Security? Solutions Implementation

What is REST? Security? Solutions Implementation

What is REST? Security? Solutions Implementation

What is REST? Security? Solutions Implementation

REST

RE presentational S tate T ransfer

CRUD HTTP verbs using

most web services only use an API key

Request Request Request Validator API Key

Request Validator API Key

Validator API Request Key

Validator API Request

Client Server Side Side

Authorized client Valid and unmodified request No replay attacks All users

Authorized client Valid and unmodified request No replay attacks All users

Authorized client Valid and unmodified request No replay attacks All users

Authorized client Valid and unmodified request No replay attacks All users

Domain Cookie Solution Time based One Time Password JSON Web Token

SessionID Header Validator API Request SessionID Cookie

SessionID Header Request Validator API SessionID Cookie

SessionID Header Validator API Request SessionID Cookie

Validator API Request

Single Multiple Domain Domain

SessionID Header Validator API Request SessionID Cookie

Domain Cookie Solution Time based One Time Password JSON Web Token

Time Periods HMAC Key

Time Periods HMAC Key TOTP

HMAC Key Ç TOTP

Request Validator API TOTP

Request Validator API TOTP

Validator API Request TOTP

Validator API Request

Domain Cookie Solution Time based One Time Password JSON Web Token

Header Payload HMAC Key

Signature Payload Header Signature HMAC Key

Signature Payload Header HMAC Key

Request Validator API JWT

Request Validator API JWT

Validator API Request JWT

Validator API Request

Application Fingerprint

JWT with Signature Service

TS TS Key String 10 115ABC 20 115DEF 30 115GHI HMAC

TS TS Key 10 115ABC 20 115DEF 30 String 115GHI HMAC

TS TS Key 10 115ABC 20 115DEF 30 String 115GHI HMAC Hash

Encrypting JWT with Encryption Service

TS TS Key String 10 115ABC 20 115DEF 30 115GHI HMAC

TS TS Key 10 115ABC 20 115DEF 30 String 115GHI HMAC

TS TS Key 10 115ABC 20 115DEF 30 Encrypted String 115GHI HMAC or Decrypted String

Client Manager Validator Encryption Service Signature Service Key Store

Client Manager Validator Encryption Service Signature Service Key Store

Client Manager Validator Encryption Service Signature Service Key Store

Client Manager Validator Encryption Service Signature Service Key Store

Client Manager Validator Encryption Service Signature Service Key Store

Q & A