Ask HN: Best Practices for Secure API Design(twitter.com)

80 points by cybersecurityguru 11 months ago 5 comments

  • johnsmith 11 months ago

    Here are some best practices for secure API design: 1. Input validation, 2. Output encoding, 3. Authentication and Authorization, 4. Error handling, 5. Rate limiting. More in this link (with a link to OWASP API Security Top 10)

    • securityexpert 11 months ago

      Good list! One thing I would add is to always use HTTPS, never HTTP. And also, never expose sensitive data in URLs/URIs, to avoid leaking information.
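The five items in johnsmith's list together with the two points just above (HTTPS only, no secrets in URLs), as an added, framework-free example; this is not code from the thread or from the OWASP project. The handler takes a request as plain values, the credential store, header names (X-Client-Id, X-Api-Key), endpoints and sample keys are all constructed for illustration, and the clock is passed in so the rate limiter is deterministic.

```python
import hmac
import html
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed credential store for the example (hypothetical): client id -> (api key, role).
API_KEYS = {"client-a": ("key-a-0123", "reader"), "client-b": ("key-b-4567", "admin")}
# Query-string keys that must never carry secrets: URLs land in logs, history and Referer.
SENSITIVE_QUERY_KEYS = {"token", "password", "api_key", "secret", "session"}
USER_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
ERROR_LOG = []   # server-side detail is recorded here and never sent to the client
BUCKETS = {}     # client id -> TokenBucket


class TokenBucket:
    """Rate limiting: `rate` tokens per second, at most `burst` stored.
    The caller supplies the clock, so behaviour is deterministic."""

    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def authenticate(headers):
    """Return (client_id, role) or None. Constant-time key comparison; the
    comparison runs even for unknown ids so timing does not reveal which exist."""
    client_id = headers.get("X-Client-Id", "")
    presented = headers.get("X-Api-Key", "")
    key, role = API_KEYS.get(client_id, ("", ""))
    ok = hmac.compare_digest(presented.encode(), key.encode())
    return (client_id, role) if ok and key else None


def validate_user(payload):
    """Input validation: exact allow-listed field set (no mass assignment),
    typed, pattern-matched and length-bounded values."""
    if not isinstance(payload, dict) or set(payload) != {"id", "name"}:
        return None, "body must be an object with exactly the fields id and name"
    if not isinstance(payload["id"], str) or not USER_ID_RE.match(payload["id"]):
        return None, "id must match [A-Za-z0-9_-]{1,32}"
    if not isinstance(payload["name"], str) or not 1 <= len(payload["name"]) <= 64:
        return None, "name must be 1 to 64 characters"
    return payload, None


def _json(status, obj):
    return status, "application/json", json.dumps(obj)


def handle_request(method, url, headers, body="", now=0.0):
    """Return (status, content_type, body_text). Checks run in order: transport,
    URL hygiene, authentication, rate limit, authorization, input validation.
    Error responses never echo raw input or internal detail."""
    try:
        parts = urlsplit(url)
        if parts.scheme != "https":
            return _json(400, {"error": "https required"})
        query = parse_qs(parts.query)
        if SENSITIVE_QUERY_KEYS & {k.lower() for k in query}:
            return _json(400, {"error": "credentials belong in headers, not the URL"})
        who = authenticate(headers)
        if who is None:
            return _json(401, {"error": "unauthorized"})
        client_id, role = who
        bucket = BUCKETS.setdefault(client_id, TokenBucket(rate=1.0, burst=3))
        if not bucket.allow(now):
            return _json(429, {"error": "rate limit exceeded"})
        if parts.path.startswith("/admin/") and role != "admin":
            return _json(403, {"error": "forbidden"})
        if method == "POST" and parts.path == "/users":
            try:
                payload = json.loads(body or "")
            except ValueError:
                return _json(400, {"error": "body must be valid JSON"})
            user, err = validate_user(payload)
            if err:
                return _json(400, {"error": err})
            return _json(201, {"id": user["id"]})
        if method == "GET" and parts.path == "/greet":
            # Output encoding: the name is untrusted and lands in an HTML context.
            name = query.get("name", ["anonymous"])[0][:64]
            return 200, "text/html", "<p>Hello, %s</p>" % html.escape(name, quote=True)
        if method == "GET" and parts.path == "/admin/status":
            return _json(200, {"status": "ok"})
        return _json(404, {"error": "not found"})
    except Exception as exc:
        # Error handling: keep the detail server-side, send the client a generic message.
        ERROR_LOG.append(repr(exc))
        return _json(500, {"error": "internal error"})


if __name__ == "__main__":
    hdrs = {"X-Client-Id": "client-a", "X-Api-Key": "key-a-0123"}
    print(handle_request("GET", "https://api.example/greet?name=<b>x</b>", hdrs))
    print(handle_request("GET", "https://api.example/greet?token=abc", hdrs))
```

The ordering matters: the URL-hygiene and scheme checks run before authentication so a request that leaks a secret is rejected before it is processed or logged with that secret, and rate limiting runs before the expensive handlers so an unauthenticated flood cannot reach them. In a real deployment TLS is terminated at the gateway and header lookup is case-insensitive; both are simplified here.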

      • johnsmith 11 months ago

        HTTPS is definitely important! I'll add that to the list.

    • anotheruser 11 months ago

      Another tip I would suggest is to use a well-tested API gateway/reverse proxy like NGINX or Traefik. They have many built-in security features.

      • securityexpert 11 months ago

        API gateways are great, but don't forget to keep them updated with the latest security patches.