Tag

API security

2 views collected around this technical thread.

Code Ape Tech Column
Jun 10, 2025 · Information Security

Securing OpenAPI Interfaces with AppId, AppSecret, and RSA Signatures

This article explains how to standardize and protect OpenAPI interfaces by using globally unique AppId/AppSecret pairs, generating RSA‑based signatures, implementing timestamp and nonce checks, and applying common security measures such as rate limiting, whitelist/blacklist controls, and sensitive data handling, all illustrated with complete Java code examples.

API security, AppId, AppSecret
28 min read
Spring Full-Stack Practical Cases
Jun 6, 2025 · Backend Development

Secure Spring Boot 3 APIs: 5 Methods with Filters, Interceptors, AOP, OAuth2

This article presents five practical approaches to protect Spring Boot 3 API endpoints—including Filter, Interceptor, AOP combined with Filter, Spring Security, and OAuth2 integration—providing code examples, configuration steps, and screenshots to demonstrate authentication, authorization, and token handling for secure access control.

API security, Authentication, Java
11 min read
Top Architect
Apr 17, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Replay‑Attack Prevention

This article presents a comprehensive design for securing third‑party APIs by using Access Key/Secret Key pairs, timestamp and nonce validation, signature generation, token handling, HTTPS, rate limiting, logging, idempotency, versioning, standardized response formats and practical Java code examples to prevent tampering and replay attacks.

API security, Authentication, Replay Attack
32 min read
Architect's Guide
Mar 31, 2025 · Information Security

Design and Security Practices for Third‑Party API Authentication and Signing

This article presents a comprehensive design scheme for third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, secure API endpoint design, anti‑replay mechanisms, token handling, TLS encryption, database schema, and implementation examples in Java.

API security, Authentication, Java
30 min read
Top Architecture Tech Stack
Mar 25, 2025 · Information Security

Designing Secure Third‑Party API Interfaces: Authentication, Signature, and Best Practices

This guide details a secure third‑party API design, covering API key generation, request signing with timestamps and nonces, permission division, CRUD endpoint definitions, unified response structures, and best‑practice security measures such as HTTPS, IP whitelisting, rate limiting, logging, and idempotency handling.

API security, Authentication, Java
29 min read
Test Development Learning Exchange
Mar 24, 2025 · Information Security

Understanding Asymmetric Encryption and Its Application in API Automation

This article explains the fundamentals of asymmetric encryption, its key concepts, common application scenarios such as HTTPS and blockchain, provides a Python RSA implementation, and outlines how to apply it securely in API automation testing, including best practices and precautions.

API security, RSA, asymmetric encryption
5 min read
Top Architect
Feb 15, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Token Mechanisms

The article presents a comprehensive design for securing third‑party API calls by generating unique Access Key/Secret Key pairs, defining permission scopes, implementing signature generation and verification, employing timestamps and nonces to prevent replay attacks, and outlining practical API endpoint specifications and response standards.

API security, Authentication, Java
33 min read
Didi Tech
Feb 13, 2025 · Frontend Development

Front-End Architecture Refactoring for International Food Delivery Merchant Marketing

The case study details how a unified TypeScript‑based activity data model, combined with JSON‑Schema validation and dependency‑injected configuration, refactored a multi‑channel food‑delivery merchant marketing front‑end, cutting code duplication, boosting extensibility, and improving development speed by roughly 40% for new activity types.

API security, TypeScript, architecture
11 min read
Top Architect
Jan 22, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Token Management

This article presents a comprehensive design for securing third‑party API calls by generating unique Access Key/Secret Key pairs, defining permission granularity, implementing signature generation with timestamps and nonces, handling token lifecycle, and providing concrete Java and SQL code examples for practical deployment.

AK/SK, API security, Authentication
31 min read
Top Architect
Dec 17, 2024 · Information Security

Design and Security Practices for Third‑Party API Authentication and Authorization

This article presents a comprehensive design scheme for third‑party API interfaces, covering access‑key/secret‑key generation, permission segmentation, signature flow and rules, anti‑replay mechanisms, token handling, and concrete Java code examples for secure request validation.

API security, Signature, access key
29 min read
Top Architect
Dec 6, 2024 · Information Security

Design and Implementation of Secure Third‑Party API Authentication Using AK/SK, Signatures, and Tokens

This article presents a comprehensive design for securing third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, anti‑replay mechanisms, token handling, detailed API endpoint specifications, and best‑practice security measures with illustrative Java code examples.

AK/SK, API security, Authentication
32 min read
macrozheng
Nov 15, 2024 · Backend Development

How to Secure Internal APIs with Microservice Isolation, Redis Whitelists, and AOP

This article explores three practical approaches—microservice isolation, Redis‑based whitelist, and gateway‑AOP integration—to restrict internal‑only APIs, compares their trade‑offs, and provides step‑by‑step SpringBoot code examples for implementing the AOP solution.

AOP, API security, Java
7 min read
Architect
Oct 2, 2024 · Information Security

Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java

The article explains how exposed API endpoints can be intercepted and altered, and presents practical security measures—including HTTPS, encrypted parameters, timestamp‑based signatures, and a Spring Boot filter implementation—to detect and block tampering and replay attacks in a Java backend.

API security, Java, Parameter encryption
8 min read
Code Ape Tech Column
Sep 27, 2024 · Information Security

Implementing API Request and Response Encryption/Decryption with Spring MVC and ControllerAdvice

This article demonstrates how to secure API interfaces by implementing symmetric encryption and decryption for both GET and POST requests in a Spring MVC application, using ControllerAdvice to intercept and process request and response bodies, handling key management, signature verification, and serialization issues across H5, Android, and iOS clients.

API security, ControllerAdvice, Java
14 min read
Java Architect Essentials
Aug 29, 2024 · Information Security

Combining RSA and AES for Secure API Parameter Transmission: A Practical Guide

This article explains a real‑world incident where insecure API parameters led to leaderboard manipulation, then details how to securely combine RSA asymmetric encryption with AES symmetric encryption, covering key concepts, padding modes, implementation steps, and server‑side decryption using Java.

AES, API security, Java
22 min read
Architect
Jul 15, 2024 · Information Security

Secure OpenAPI Design: AppId/AppSecret, RSA Signatures, Timestamp & Nonce Best Practices

This article explains how to secure OpenAPI interfaces by using globally unique AppId/AppSecret pairs, SHA‑256 and RSA signatures, timestamp and nonce validation, caching, rate‑limiting, parameter validation, and encryption algorithms, providing complete client‑server implementation examples in Java.

API security, Authentication, Java
26 min read
Top Architect
Jul 12, 2024 · Information Security

API Encryption and Security Design: Combining Symmetric, Asymmetric, Hashing, and Signature Techniques

This article presents a comprehensive API encryption scheme that combines symmetric and asymmetric cryptography, hashing, and digital signatures, explains HTTPS fundamentals, details WeChat Pay encryption, outlines key exchange and data protection processes, provides Java code examples, and analyzes security, anti‑tampering, anti‑replay, and performance considerations.

API security, HTTPS, Hashing
16 min read
Architecture Digest
Jul 10, 2024 · Backend Development

Implementing Internal‑Only API Access with Gateway, Redis Whitelist, and AOP in Spring Cloud

The article explains three approaches for restricting certain APIs to internal service calls—microservice isolation, a gateway‑plus‑Redis whitelist, and a gateway‑plus‑AOP solution—then provides step‑by‑step Spring Cloud code to add a public‑source header, define an AOP aspect with a custom annotation, and annotate internal‑only endpoints.

AOP, API security, Microservices
6 min read
macrozheng
Jul 4, 2024 · Backend Development

How to Secure Internal‑Only APIs with SpringBoot, Gateway, Redis, and AOP

This article explores three practical approaches—microservice isolation, Redis‑based whitelist, and gateway‑AOP header checks—to restrict certain APIs to internal network calls, and provides step‑by‑step SpringBoot code examples for implementing the preferred gateway‑AOP solution.

AOP, API security, Microservices
7 min read
Architect
Jun 19, 2024 · Information Security

Implementing RSA and AES Hybrid Encryption for API Security in Java

This article describes a real‑world API security incident, explains the fundamentals of asymmetric RSA and symmetric AES encryption, and provides a complete Java implementation—including a hybrid encryption strategy, custom @RequestRSA annotation, Spring AOP decryption aspect, and utility classes—to securely transmit and automatically decrypt request parameters.

AES, API security, Java
23 min read