miniOrange API Security supports Basic authentication, a simple authentication scheme built into the HTTP protocol. The credentials are sent to the server in a single API call, which makes it faster than more complex authentication flows.
Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with an Authorization header that contains the word Basic followed by a space and a base64-encoded string of the form username:password. For example, to authorize a user with username test and password P@sswOrd, the client would send:
Authorization: Basic dGVzdDpQQHNzd09yZA==
Because the value is only base64-encoded, the username and password can be recovered from the Authorization header by anyone who can read it. As the credentials are delivered in a single API call, Basic authentication is faster than other, more complex authentication schemes. The messages are encoded, not encrypted, so Basic authentication should be used together with SSL/TLS so that the header cannot be read in transit.
We provide an option to enforce HTTPS (HTTP over SSL/TLS) for API requests, so that your credentials are transferred securely.
Request parameters are validated at the very first step, before the request reaches your API server. Our validation checks block access immediately if input validation fails, which helps prevent SQL injection and other injection attacks.
We support the input validation specified by the OWASP REST Security guidelines.
Along with the other request parameters, we provide an option to add a request timestamp as a custom HTTP header in the API request. The server compares the current timestamp with the request timestamp and accepts the request only if it falls within the allowed timeframe (60-300 seconds). This prevents replay attacks by attackers who resend or brute-force requests against your system without changing the timestamp.
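The following is an added example, not miniOrange's own code, showing the server side of the two mechanisms described above: decoding the Basic Authorization header (which recovers the plain credentials, hence the need for TLS) and rejecting requests whose timestamp falls outside the replay window. The X-Request-Timestamp header name, the 300-second window and the credential store are assumptions made for the example.

```python
import base64
import binascii
import hmac
import time

# Constructed credential store for this example (hypothetical user); a real
# deployment would store a password hash rather than the plain password.
USERS = {"test": "P@sswOrd"}
# Replay window in seconds, the upper end of the 60-300 s range described above.
MAX_SKEW_SECONDS = 300

def parse_basic(header_value):
    """Decode 'Basic <base64(user:password)>'; return (user, password) or None."""
    scheme, _, payload = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        # base64 is an encoding, not encryption: anyone who reads the header
        # recovers the credentials, which is why it must travel over TLS.
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only (RFC 7617): the username cannot contain one,
    # but the password may.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def timestamp_fresh(request_ts, now=None, max_skew=MAX_SKEW_SECONDS):
    """Accept a request only if its timestamp is within max_skew seconds of now."""
    try:
        ts = int(request_ts)
    except (TypeError, ValueError):
        return False
    now = time.time() if now is None else now
    return abs(now - ts) <= max_skew

def authenticate(headers, now=None):
    """Return the authenticated username, or None if the request is rejected."""
    creds = parse_basic(headers.get("Authorization", ""))
    if creds is None:
        return None
    user, password = creds
    expected = USERS.get(user, "")
    # Constant-time comparison so a wrong password does not leak via timing.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    # Assumed header name carrying the client's Unix timestamp (see lead-in).
    if not timestamp_fresh(headers.get("X-Request-Timestamp"), now):
        return None
    return user
```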
We support digitally signed API requests and responses as an added layer of security.
Digitally signed API requests ensure that requests are coming from a trusted partner or client.
We protect your APIs with rate limiting to mitigate distributed denial-of-service (DDoS) attacks and to protect the backend applications that process the API calls.