BestHub
Sign in
Tag

nonce

1 views collected around this technical thread.

Top Architecture Tech Stack
Top Architecture Tech Stack
Mar 25, 2025 · Information Security

Designing Secure Third‑Party API Interfaces: Authentication, Signature, and Best Practices

This guide details a secure third‑party API design, covering API key generation, request signing with timestamps and nonces, permission division, CRUD endpoint definitions, unified response structures, and best‑practice security measures such as HTTPS, IP whitelisting, rate limiting, logging, and idempotency handling.

API securityAuthenticationJava
0 likes · 29 min read
Designing Secure Third‑Party API Interfaces: Authentication, Signature, and Best Practices
Top Architect
Top Architect
Dec 17, 2024 · Information Security

Design and Security Practices for Third‑Party API Authentication and Authorization

This article presents a comprehensive design scheme for third‑party API interfaces, covering access‑key/secret‑key generation, permission segmentation, signature flow and rules, anti‑replay mechanisms, token handling, and concrete Java code examples for secure request validation.

API securitySignatureaccess key
0 likes · 29 min read
Design and Security Practices for Third‑Party API Authentication and Authorization
Architecture Digest
Architecture Digest
Apr 24, 2024 · Information Security

Secure Third‑Party API Design: AK/SK, Token, Signature, Timestamp & Nonce

The article presents a comprehensive guide to designing secure third‑party APIs, covering access‑key/secret‑key generation, token management, signature algorithms, timestamp and nonce anti‑replay mechanisms, permission granularity, request logging, rate limiting, and example Java and SQL implementations.

API securityAuthenticationSignature
0 likes · 28 min read
Secure Third‑Party API Design: AK/SK, Token, Signature, Timestamp & Nonce
Code Ape Tech Column
Code Ape Tech Column
Dec 15, 2023 · Information Security

Secure API Design for Microservices: Anti‑Tampering, Anti‑Replay, and Authentication Strategies

This article explains how to protect microservice APIs from tampering and replay attacks by using HTTPS, request signing, nonce‑timestamp mechanisms, and AppId/AppSecret authentication, and demonstrates a complete Java/Spring implementation with a responsibility‑chain based verification filter.

API securityMicroservicesSignature
0 likes · 14 min read
Secure API Design for Microservices: Anti‑Tampering, Anti‑Replay, and Authentication Strategies
Laravel Tech Community
Laravel Tech Community
May 16, 2022 · Information Security

Preventing Replay Attacks with Timestamps and Nonces in PHP

The article explains replay attacks, describes how using a timestamp, a nonce, or a combination of both can protect API requests, and provides complete PHP code examples for signing and verifying requests to ensure each call is accepted only once.

PHPReplay Attackinformation security
0 likes · 7 min read
Preventing Replay Attacks with Timestamps and Nonces in PHP
Code Ape Tech Column
Code Ape Tech Column
Jan 29, 2021 · Information Security

Preventing API Parameter Tampering and Replay Attacks Using Timestamp and Nonce

This article explains how timestamp and nonce mechanisms can be combined to protect API endpoints from parameter tampering and replay attacks, illustrating the approach with a Java Spring interceptor that stores nonces in Redis and validates signatures on each request.

API securityJavaRedis
0 likes · 8 min read
Preventing API Parameter Tampering and Replay Attacks Using Timestamp and Nonce