How do I secure my REST api developed in playframework

api security rest playframework
12,712

You might find this Securing Single Page Apps and REST Services article by James Ward useful, it's built using Play Framework, Java, jQuery, and CoffeeScript.

The reference source is here: https://github.com/jamesward/play-rest-security/

Share:
12,712
Jim
Author by

Jim

Updated on June 14, 2022

Comments

  • Jim
    Jim almost 2 years

    I have read a lot about this on here and other articles. First let me explain my situation.

    Let's say I have the following REST backend:

    GET /user returns all users in JSON. (No need to be logged-in)
    POST /user registers new user. (No need to be logged-in)
    DELETE /user deletes a user. (You do need to be logged-in)

    POST /login posts login credentials and returns a 200 OK on succesful authentication. Also this creates a session with the username.

    DELETE /login logout, this deletes the session.

    For user authentication and roles I use Deadbolt-2 so for example when DELETE /user is called first the session will be viewed to determine whether you are logged-in and then the username is used to determine if you have the correct permissions.

    This works. My question is not about this kind of authorization/authentication. It is however about the following:

    I want to secure the "public" API calls like: GET /user in a way so only front-end applications that are approved by me can access them.

    I have read a lot about api-keys and HMAC and oAuth. But it seems to me they are talking about the first scenario and not the second. So how would I go about this in my situation ?

    Thank you for your time.

  • Jim
    Jim almost 11 years
    I found this about 2 hours ago by myself actually. This in combination with Carsten's comment is really helping me.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Getting Insufficient scope for this resource using Spring Boot and OAuth2
Securing a REST API in Java
Separate back-end and front-end apps on same domain?
How to secure a REST Api on flask
How to protect a private REST API in an AJAX app
Updating Value From API in a constructor flutter
How to access COWIN APIs?
In Flutter how I can fetch data inside a JASON with API and GetX
Flutter REST API Security
Securely Saving API Keys In Android (flutter) Apps