How to secure connection between client and servers (RESTful API)?
I ask for help from knowledgeable people, the situation is this:
There is a server in PHP. This server is constantly accessed by several clients (2-3 sites, more in the future). For client-server communication, I chose the REST architecture and I immediately had the question of how to allow only verified clients to access the server.
The scheme works as follows: I send data from the form to the server, the server checks whom the data came from, and if the client is verified, then the data is written to the database and the client receives a response. Is the OAuth protocol suitable for this scheme, and which version of the protocol is better to use? Or is it better to use regular HTTP authentication?
I also came up with the following option: the client has a public and private key. Together with the data, a hash of the data with a private key is sent to the server. Because the server knows who sent the answer, it checks 2 hashes and writes the info to the database if the hashes match. Does it make sense to use such protection?
There are a lot of questions; I will be glad to hear your opinions. Thanks a lot.
OAuth implies access and privileges. I think all your clients have the same rights; they do not need to constantly request access because they do not move. I think it makes sense for everyone to just generate a hash and not suffer. Just send the given key with every request.
The most important question - are you using HTTPS?
Without it, all your hashes can be caught by a traffic sniffer.
What is meant by client? Browser directly to your server? Browser through the server of a third-party site to your server?
If the browser, then your hashes will be in the clear. You can steal them and fill up your API with garbage.
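The scheme from the question (a hash of the data computed with a per-client key and checked on the server), sketched as an added example that is not part of the original thread. It uses HMAC-SHA256 with a shared secret per client instead of a public/private key pair, and adds a timestamp to limit replay; client ids, secrets and field names are constructed, and it assumes server-to-server clients over HTTPS, since a secret shipped to a browser is readable, as the answers point out.

```php
<?php
declare(strict_types=1);

// Constructed per-client secrets; load them from server-side config,
// never from code or markup that reaches a browser.
const CLIENT_SECRETS = [
    'site-a' => 'constructed-secret-for-site-a',
    'site-b' => 'constructed-secret-for-site-b',
];
const MAX_SKEW_SECONDS = 300;

// Client side: MAC over client id, timestamp and the exact body bytes.
function signRequest(string $clientId, string $secret, string $body, int $timestamp): string
{
    return hash_hmac('sha256', $clientId . "\n" . $timestamp . "\n" . $body, $secret);
}

// Server side: recompute the MAC with the secret stored for that client
// and compare in constant time.
function verifyRequest(string $clientId, int $timestamp, string $body, string $signature, int $now): bool
{
    if (!array_key_exists($clientId, CLIENT_SECRETS)) {
        return false; // unknown client
    }
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return false; // outside the accepted time window (limits replay)
    }
    $expected = signRequest($clientId, CLIENT_SECRETS[$clientId], $body, $timestamp);
    return hash_equals($expected, $signature);
}

// Constructed sample request from "site-a".
$now  = 1700000000;
$body = json_encode(['name' => 'Alice', 'email' => 'alice@example.com']);
$sig  = signRequest('site-a', CLIENT_SECRETS['site-a'], $body, $now);

var_dump(verifyRequest('site-a', $now, $body, $sig, $now));        // untouched request
var_dump(verifyRequest('site-a', $now, $body . ' ', $sig, $now));  // body changed after signing
var_dump(verifyRequest('site-b', $now, $body, $sig, $now));        // signature made with another client's secret
var_dump(verifyRequest('site-a', $now, $body, $sig, $now + 3600)); // same request replayed an hour later
var_dump(verifyRequest('unknown', $now, $body, $sig, $now));       // unregistered client id
```

Within the time window a captured request can still be replayed; rejecting already-seen signatures (or a per-request nonce) on the server closes that gap.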