Security is an important part of any enterprise application. In the era of cloud and the Internet of Things, controlling access to the application via the public web API is an essential requirement for any enterprise. The security implementation in a RESTful web service application decides who can access the RESTful web APIs and what they can do once they are logged in. This chapter describes how you can secure the REST APIs from unauthorized and malicious access.
In this chapter, we take the point of view of the architect and not of the creator of the infrastructures supporting our applications. Nevertheless, by the end of the chapter, you will have a good understanding of how to secure your web services using the HTTP basic authentication and OAuth authentication protocols. The following topics are discussed in this chapter:
HTTP basic authentication
HTTP digest authentication
Securing RESTful web services with OAuth
Authorizing the RESTful web service...