Designing a Secure REST (Web) API without OAuth

Situation

You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally easy for people to use, but it needs to be secure. You are a smart guy, so you start to think…

Problem

You realize that literally passing the credentials over HTTP leaves that data open to being sniffed in plain text. After the Gawker incident, you realize that plain-text or weakly-hashed anything is usually a bad idea. You realize that hashing the password and sending the hash over the wire in lieu of the plain-text password still gives anyone sniffing at least the username for the account and a hash of the password that could (in a disturbing number of cases) be looked up in a rainbow table. That’s not good, so you scratch your head some more… “Still not quite right!”

Solution

So you keep searching for articles on “secure API design”… That seems pretty straightforward.
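To make the Problem section concrete, here is an added example (not code from the original article) that models the "send the hash instead of the password" scheme: a client that authenticates with the unsalted SHA-256 of its password, a passive observer on plain HTTP, and a tiny constructed stand-in for a precomputed rainbow table. It also shows one consequence the text only implies: because the credential is a fixed value derived solely from the password, a captured copy authenticates any later request unchanged. All usernames, passwords and paths are constructed sample data.

```python
import hashlib
from typing import Optional

# Constructed sample data: a tiny stand-in for a rainbow table, i.e. a
# precomputed map from digest back to the common password that produced it.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "password123"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

# Constructed server-side user store: holds the same unsalted digest the
# client sends, so the server can compare them directly.
USERS = {"alice": hashlib.sha256(b"password123").hexdigest()}


def client_request(username: str, password: str, path: str = "/v1/orders") -> dict:
    """The weak scheme: the credential is sha256(password), identical on every
    request and bound to nothing but the password itself."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return {"user": username, "auth": digest, "path": path}


def server_authenticate(request: dict) -> bool:
    """Server accepts the request if the received digest matches the stored one."""
    return USERS.get(request["user"]) == request["auth"]


def sniffer_sees(request: dict) -> dict:
    """Over plain HTTP a passive observer sees the entire request; this copy
    models what was captured on the wire (username and digest included)."""
    return dict(request)


def lookup_password(captured: dict) -> Optional[str]:
    """An unsalted digest of a common password is recovered by a table lookup,
    which is the rainbow-table problem the text describes."""
    return PRECOMPUTED.get(captured["auth"])


def replay(captured: dict, new_path: str) -> bool:
    """Nothing in the captured credential ties it to a request or a time, so
    re-presenting it with a different path still authenticates."""
    forged = dict(captured, path=new_path)
    return server_authenticate(forged)
```

Run against the sample data, the observer recovers "password123" from the captured digest and the replayed request is accepted; a strong, uncommon password defeats the lookup but not the replay.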