BestHub
Sign in
Tag

request signing

1 views collected around this technical thread.

Python Programming Learning Circle
Python Programming Learning Circle
Nov 1, 2024 · Backend Development

Designing a Python SDK for Cloud TTS Services: Critique and Refactoring of Volcengine's SDK

This article examines the shortcomings of Volcengine's Python TTS SDK, proposes a cleaner design using request interceptors or Auth objects, demonstrates refactored code examples with the Tetos library, and explains how to integrate signing logic into standard HTTP clients for more maintainable backend development.

HTTPSDKbackend
0 likes · 10 min read
Designing a Python SDK for Cloud TTS Services: Critique and Refactoring of Volcengine's SDK
Architect
Architect
Oct 2, 2024 · Information Security

Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java

The article explains how exposed API endpoints can be intercepted and altered, and presents practical security measures—including HTTPS, encrypted parameters, timestamp‑based signatures, and a Spring Boot filter implementation—to detect and block tampering and replay attacks in a Java backend.

API securityJavaParameter encryption
0 likes · 8 min read
Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java
Python Programming Learning Circle
Python Programming Learning Circle
May 25, 2024 · Backend Development

Critique and Refactoring of Volcengine Python SDK Request Signing

This article critiques the Volcengine Python SDK's convoluted request‑signing design, demonstrates the problems with its custom classes and static methods, and proposes cleaner solutions using the requests library's AuthBase and Session mechanisms to simplify signing and improve maintainability.

HTTPPythonRequests
0 likes · 11 min read
Critique and Refactoring of Volcengine Python SDK Request Signing
macrozheng
macrozheng
May 13, 2024 · Information Security

How to Secure APIs: Prevent Tampering and Replay Attacks with Spring Boot

This article explains why publicly exposed APIs are vulnerable to tampering and replay attacks, outlines anti‑tampering and anti‑replay strategies such as HTTPS, request signing, timestamp and nonce mechanisms, and provides a complete Spring Boot implementation with Redis support.

API securityJavaRedis
0 likes · 15 min read
How to Secure APIs: Prevent Tampering and Replay Attacks with Spring Boot
Full-Stack Internet Architecture
Full-Stack Internet Architecture
Apr 25, 2021 · Backend Development

Designing Duplicate Request Filtering: Challenges, Solutions, and Best Practices

The article examines why duplicate request filtering is a complex backend problem, explores various causes, discusses client‑side and server‑side strategies such as request IDs, Redis checks, distributed locks, and request signing, and highlights practical pitfalls and security considerations.

Distributed LockDuplicate RequestIdempotency
0 likes · 9 min read
Designing Duplicate Request Filtering: Challenges, Solutions, and Best Practices
Architecture Digest
Architecture Digest
Jan 26, 2021 · Information Security

API Request Signature Implementation and Best Practices

This article explains how to protect front‑back separated APIs using a request signature scheme, detailing the required parameters, signature generation algorithm, Java filter implementation, anti‑leech timing checks, nonce usage, and duplicate‑submission prevention with Redis.

API securityJavaSignature
0 likes · 6 min read
API Request Signature Implementation and Best Practices
System Architect Go
System Architect Go
Dec 29, 2017 · Information Security

Mitigating SMS API Abuse with Captcha, Signatures, and Third‑Party Verification

After suffering significant losses from malicious bulk requests to a registration‑focused SMS API, the author explains why simple phone‑number or IP restrictions are ineffective and proposes stronger defenses such as server‑validated captchas, request signatures, and integration with third‑party verification services like Geetest.

GeetestSMS APIabuse prevention
0 likes · 3 min read
Mitigating SMS API Abuse with Captcha, Signatures, and Third‑Party Verification