/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Requiring SSL For API All Calls

DZone's Guide to

Requiring SSL For API All Calls

One day, SSL will be standard for all API calls. Unfortunately, it is not this day.

by
·
Jan. 14, 17 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

This is one of those regular public service announcements that if at all possible, you should be requiring SSL for all your API calls. I recently got an email from the IBM Watson team telling me that they would be enforcing encryption on all calls to the Alchemy API in February.

Image titleSSL is something I've started enforcing on my own internal APIs. I do not have wide usage of my APIs by third-party providers, but I do have a variety of systems making calls to my APIs, transmitting some potentially sensitive information--luckily nothing too serious, as I'm just a simple API Evangelist.

Encryption is an area I research regularly, hoping to stay in tune (as much as I can) with where discussions are going when it comes to encryption and API operations. Much of it doesn't apply to the average API provider but requiring encryption for API calls, and emailing your developers when and if you do begin enforcing, is what I'd consider an essential building block for all API providers.

I'll keep crafting a unique blog post each time I receive on of these emails from the APIs I depend on. Hopefully some day soon, all APIs will be SSL by default.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Like This Article? Read More From DZone

Security vs. Time-to-Market: What's More Important?
Self Signed HTTPS Certificate [Video]
How to Install an SSL Certificate on WHM/cPanel

Free DZone Refcard

REST API Security
DOWNLOAD
Topics:
security ,ssl ,watson ,api

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Rapidly detect security vulnerabilities in your web, mobile and desktop applications
Find out how to Secure your applications with Point and Click protection.
Eliminate vulnerabilities from applications before they are placed into production and deployed
Learn how to Patch faster than attackers can find you
What is the Deserialization vulnerability and what are the challenges in providing a solution
Securing Payments and Earning Trust in a Mobile Financial World
Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert
Five Steps to Achieve Risk-based Application Security Management: Updated Second Edition

Security Partner Resources

Rapidly detect security vulnerabilities in your web, mobile and desktop applications
Find out how to Secure your applications with Point and Click protection.
Eliminate vulnerabilities from applications before they are placed into production and deployed
Learn how to Patch faster than attackers can find you

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone