
All Questions

0 votes
0 answers
127 views

Brute force prevention and alike with stateless API architecture

What are the patterns (best practices, whatever) to prevent brute force (and features alike) in stateless API architectures that keep the system stateless? Couldn't find anything regarding this topic. ...
GalacticRanger
1 vote
1 answer
378 views

Is it acceptable to have SPA + API from a security point of view?

We are building something like a specific blogging social platform. The architecture was originally intended to have: single page application: all GUI, rendered in the browser on the client; frontend: ...
ooouuiii
0 votes
1 answer
1k views

API Key via Basic Auth: Send it as a username or as a password?

In APIs that authenticate with a single API key (e.g. a long random string) via Basic Auth, I have seen that most (e.g. Stripe, Unbounce) send the API key as the username, leaving the password field ...
Victor
5 votes
2 answers
435 views

Do I need OAuth to pass an API key of a service (now it is passed via copy-paste)?

I have a web application, say http://web.app/. It is local for every given user and accessible without authorisation. It uses an API of a service https://service.app/. The user can log in to it and ...
shukshin.ivan