Configuring your web server to present the API over an SSL connection protects both the request and response bodies while requiring little to no additional coding for the API. Remember that a server certificate only authenticates the server to the client; it does nothing to identify the client itself. It is best used layered with one of the previous two examples.
Advantages:
- Encryption — Both request and response bodies are protected from intermediate prying eyes.
- Server authenticated — Clients who record the server's SSL certificate can monitor it to ensure it does not change over time (which could indicate a man-in-the-middle attack). Using a certificate signed by a signing authority can also provide a similar level of assurance for the client application.
- Easy setup — No additional coding required, just configure the web server.

Disadvantages:
- Increased load — Encrypting and decrypting communications is noticeably more CPU-intensive than unencrypted communications. Every request requires additional back and forth communications to set up the secure socket.
- No client identification — Using an SSL
- Additional client-side requirements — Handling SSL from the client side isn't always trivial, and languages may require additional extensions installed (which may or may not be available in a shared host environment).
SSL is an excellent layer to add to any API. It secures the request and response payloads and gives the client application some assurance of the server's identity. It is easily combined with either HTTP authentication or message-based authentication. Some care, however, should be taken not to use SSL unnecessarily, because it has additional requirements for the client application that not all developers may be able to meet, and it places additional CPU load on both sides as messages are encrypted and decrypted.