This article outlines essential API security mechanisms—including encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—and provides practical Java implementation examples for each technique.
This article explains why exposed web APIs are vulnerable, introduces anti‑tampering and anti‑replay techniques, and provides a complete Spring Boot implementation—including request signing, timestamp and nonce validation, and Redis storage—to protect API endpoints from malicious reuse.
This article explains three practical approaches—separate microservices, gateway + Redis whitelist, and gateway + AOP—to restrict external access to internal APIs, and provides a detailed Spring Cloud Gateway and AOP code implementation for Java microservice architectures.
This article explains the complete user login process, including mobile verification, token generation, token expiration policies, request‑rate limiting with Redis, anonymous request handling, blacklist management, and provides full Java Spring code examples for implementing these backend authentication mechanisms.
This article walks through a complete Spring Boot solution for encrypting and decrypting API requests and responses, covering requirement analysis, data models, custom ControllerAdvice implementations, serialization challenges, and practical code examples using AES and Jackson.
Learn three practical methods to protect sensitive API response data in SpringBoot 2.4.12—complete with SQL examples, custom Jackson annotations, and a reusable serializer to automatically mask fields like ID numbers during JSON output.
This article describes how to design an open API interface that issues time‑limited access tokens, defines the supporting database schema, implements token generation utilities, creates a token‑issuing endpoint, and secures all open‑API calls with a Spring MVC interceptor.
This article outlines the challenges of API security, proposes a hybrid symmetric‑asymmetric encryption scheme with signed requests, describes client and server processing flows, defines service attributes, and provides implementation references for a robust RPC encryption solution.
Learn three practical strategies to prevent external exposure of specific APIs—isolating them in separate microservices, employing a Redis‑backed whitelist via the gateway, and using gateway‑added headers with AOP annotations—to enforce internal‑only access, complete with Java code examples.
This article provides a comprehensive, step‑by‑step guide to OAuth 2.0, covering its background, usage scenarios, core roles, token types, redirect handling, scope definition, the four grant flows, request/response examples, token refresh mechanisms, and security considerations.
This article explains how to restrict certain APIs to internal network calls by comparing three approaches—microservice isolation, gateway + Redis whitelist, and gateway + AOP—and provides a complete Java implementation of the AOP solution with code examples.
This article outlines ten practical methods to secure API data, covering encryption of transmission, digital signing, token authentication, timestamp and nonce replay protection, rate limiting, blacklist/whitelist controls, data masking, and parameter validation, with detailed explanations and implementation steps.
This article examines security challenges encountered in JD Logistics' sorting platform, details the investigative process for abnormal API requests, proposes a SHA‑256 based authentication scheme with digital signatures, compares industry‑wide API protection methods, and shares practical insights from the author's experience in financial API gateway design.
This article outlines ten practical methods for protecting API data, covering transmission encryption, digital signatures, token authentication, timestamp and nonce mechanisms, rate limiting, blacklist/whitelist controls, data masking, and parameter validation to ensure comprehensive interface security.
This article examines the challenges of securing API interfaces—including authentication for third‑party services and protection against request hijacking—and proposes a comprehensive RPC encryption framework that uses asymmetric and symmetric keys, signed payloads, and HTTPS fallback, detailing both client‑side and server‑side workflows, data structures, and providing links to the full source code.
This article outlines a comprehensive approach to securing backend APIs through authentication, anti‑hijacking measures, and a custom RPC encryption scheme that combines asymmetric and symmetric keys, detailing design principles, data flow, and implementation resources.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes their structures, security considerations, and provides guidance on when to choose each method for protecting API access in modern applications.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes how each works, provides code examples of JWT structure, outlines OAuth2 roles and flows, and discusses practical scenarios, advantages, and drawbacks for securing APIs.
This article outlines how Haodf Online implements a closed‑loop partner data security framework—covering background regulations, SDL‑based lifecycle stages, partner information handling, security assessment, API testing, monitoring, and continuous improvement—to protect sensitive medical data across its ecosystem.
This article explains how to secure API communication with tokens, timestamps, cryptographic signatures, duplicate‑submission prevention, and practical Spring Boot code examples, offering a comprehensive guide for protecting data exchange between services.
This article explains practical methods to protect externally exposed APIs, covering token‑based access, OAuth2.0 authorization, signature verification, encryption techniques (hashing, symmetric and asymmetric), key management, and provides Java code samples for DES and RSA implementations.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, outlines their structures, advantages, limitations, and typical use‑cases, and provides practical guidance on when to adopt each method for securing APIs.
This guide explains the five authorization methods supported by Postman—No Auth, Basic, Digest, Hawk, and OAuth 1.0—providing configuration details, example requests, and sample responses to help developers secure API calls effectively.
This guide explains the fundamentals of JSON Web Tokens, their structure and claim types, typical use cases such as authorization and secure data exchange, and provides a step‑by‑step Spring Boot implementation including dependency setup, token generation, interceptor validation, and protected endpoint testing.
The article explains how to secure API endpoints by combining token authentication, timestamp validation, and cryptographic signatures to prevent data tampering, replay attacks, and denial‑of‑service attempts, while offering guidance on practical trade‑offs.
This article compares token-based and signature-based API authentication methods, discusses their advantages and drawbacks, and provides complete Java code examples—including JWT token utilities, authentication interceptors, and signature verification—to help developers implement robust API security in real-world projects.
This article explains how to protect data exchange with third‑party systems by using access tokens, timestamps, cryptographic signatures, and duplicate‑submission safeguards, providing detailed Java/Spring Boot examples and code snippets for implementing secure API authentication and request validation.
This article explains how to secure app open‑API endpoints by using HTTPS, token‑based authentication, timestamp validation, and a URL‑signature algorithm implemented in Java, including detailed steps, interception rules, and sample code for generating and verifying signatures.
This article explains how to protect API data exchange by using access tokens, timestamps, MD5 signatures, Redis caching, and a custom @NotRepeatSubmit annotation to prevent replay attacks and duplicate submissions in a Spring Boot backend.
This article explains how to secure mobile app open APIs by enforcing HTTPS, designing request signatures with timestamps and tokens, validating them on the server, and managing token‑UID relationships using Redis, complete with Java code examples for parameter extraction and signature generation.
This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth2, outlines their structures, security considerations, implementation details, and compares their advantages, drawbacks, and suitable use cases to help developers choose the appropriate method for securing APIs.
This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.
This article explains how timestamp and nonce mechanisms can be combined to protect API endpoints from parameter tampering and replay attacks, illustrating the approach with a Java Spring interceptor that stores nonces in Redis and validates signatures on each request.
This article explains how to protect front‑back separated APIs using a request signature scheme, detailing the required parameters, signature generation algorithm, Java filter implementation, anti‑leech timing checks, nonce usage, and duplicate‑submission prevention with Redis.
This article explains how to protect API endpoints that interact with front‑end applications by using token‑based authentication, timestamp checks, and MD5 signatures, detailing the implementation of open and secured controllers, login logic, signature verification, replay‑attack mitigation, and a Spring interceptor.
The article explains how to secure API interfaces by using AccessKey/SecretKey or Token/AppKey for identity verification, generating request signatures to prevent parameter tampering, and applying timestamp‑nonce mechanisms to defend against replay attacks, while providing concrete implementation examples in code.
This guide explains why and how to verify WeChat Pay V3 response signatures using Java, covering certificate serial checks, constructing the verification string from response headers, and performing SHA256‑with‑RSA validation to ensure responses truly originate from the WeChat Pay server.
The article explains how to secure API interfaces by using AccessKey/SecretKey, token, and AppKey for identity verification, parameter signing, and replay‑attack prevention through timestamp‑nonce mechanisms, and provides step‑by‑step client and server implementation examples.
This article explains the critical importance of securing RESTful APIs—covering data protection, DoS risks, and business impact—and outlines practical measures such as authentication, API keys, access control, rate limiting, and input validation with code examples.
This article explains practical methods for protecting API data exchange—including token usage, timestamp validation, signature generation, duplicate‑submission prevention, and ThreadLocal context—provides implementation details with Spring Boot, Redis, and Java code examples, and discusses related security considerations such as DoS attacks.
This article explains common API security mechanisms such as token and user token usage, timestamp validation, signature generation, anti‑replay strategies, DoS attack types, and provides Java Spring Boot code examples for token handling, request interception, custom annotations, and ThreadLocal utilities.
This article explains practical API security techniques for protecting data exchange with third‑party systems, covering token generation and storage, timestamp validation to mitigate DoS attacks, MD5‑based request signing with nonce, preventing duplicate submissions using Redis, and illustrates the concepts with comprehensive Java code examples.
This article explains common API security mechanisms such as token, timestamp, signature, and anti‑replay techniques, demonstrates how to prevent duplicate submissions, and provides complete Java Spring Boot code examples including interceptors, Redis configuration, and utility classes for secure API design.
This article explores the cat‑and‑mouse battle between crawlers and API endpoints, detailing how dynamic signatures, token‑based authentication, time‑bound hashes, rate‑limiting, and code obfuscation can be used to defend against scraping while also showing how attackers can reverse‑engineer and bypass these defenses.
This article outlines key security mechanisms for public APIs—including data encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—and provides practical Java code examples for each technique.
This guide outlines key API security strategies—including data encryption, digital signatures, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—explaining their purpose, implementation details, code examples, and practical considerations for protecting transaction-related endpoints.
A developer mistake exposed a Starbucks JumpCloud API key on GitHub, triggering a critical security breach that allowed attackers to access internal systems, manipulate user accounts, and even control AWS resources, ultimately resulting in a $4,000 bounty for the researcher.
This article explores the critical role of API gateways in securing APIs, covering their advantages, drawbacks, common threats, authentication methods, communication safeguards, logging practices, and a shortlist of popular open‑source gateway solutions.
This guide explains practical methods to protect API data, covering HTTPS, request signing, SSL pinning, symmetric and asymmetric encryption, a Spring Boot starter for automatic request/response encryption, and JavaScript/Axios interceptors for client‑side encryption and decryption.
This article explains how to protect data exchanged between front‑end and back‑end services by using HTTPS, request signing, SSL pinning, and a Spring Boot starter that transparently encrypts/decrypts all API traffic with AES, complemented by JavaScript AES utilities and Axios interceptors for front‑end encryption.
This article explains why API security is crucial in front‑end/back‑end separated systems and provides practical measures—including HTTPS, request signing, SSL pinning, and full request/response AES encryption—along with a Spring Boot starter and JavaScript Axios interceptor to protect data in transit.
This article presents a collection of straightforward, developer‑friendly techniques for enhancing Java API security and performance, covering API key protection, TLS adoption, Spring Boot web service creation, application monitoring, and safeguarding sensitive configuration files.
This article walks through building a Spring Boot application that protects HTTP endpoints using OAuth2, covering password and client‑credentials flows, Maven setup, resource and authorization server configuration, in‑memory users, token retrieval, and accessing secured resources with detailed code examples.
