On a REST based system what are the options to "encrypt" resources ID.
For instance:
/client/2
would be accessible at
/client/SOMEHASHKEY
I am thinking :
1 - Have DB tables that keep track of a resource ID and its corresponding HASH and look it up on every request. This obviously seems quite heavy to implement, and increases server work quite a bit.
2 - Have some kind of internal encrypting algorithm that would create a hash, for instance based on the resource's creation date and the resource's ID, and base64 it (obviously not optimal, but you get the point).
So are there good practices for this kind of scenario? What would you recommend?
Many thanks
REST APIs should accept JSON for the request payload and also send responses as JSON. JSON is the standard for transferring data.
If you want to expose methods to allow other systems to retrieve or manipulate information, you can do it using a REST API.
If your intention is to make it hard to guess client ids, then use uuids, for example 32 hex character long guids such as 21EC2020-3AEA-1069-A2DD-08002B30309D.
Identifying entities in a domain completely depends on the implementation that provides the REST service.
Some applications use guids by default to identify entities. A good example is the lovefilm API:
GET /users/9D48675C-096F-11DC-BF5A-88D01745CE5C HTTP/1.1
Host: openapi.lovefilm.com
However, using hard-to-guess identifiers does not protect you from unauthorized access and is no replacement for a real authentication mechanism.
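Option 2 from the question, as an added example that is not part of either the question or the answers: a numeric ID is mapped to a deterministic, opaque, tamper-evident token with only the Python standard library (an HMAC-based synthetic-IV construction: the MAC over the ID doubles as the nonce for the keystream). The key below is a constructed placeholder, and `encode_id`/`decode_id` are hypothetical names; per the caveat above, a token that fails to decode is merely "not found", and the real authorization check still has to happen after decoding.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

# Constructed demo key; in practice load a random 32-byte key from a secret store.
SECRET_KEY = b"example-key-change-me-0123456789ab"
_KEY_MAC = hmac.new(SECRET_KEY, b"mac", hashlib.sha256).digest()
_KEY_ENC = hmac.new(SECRET_KEY, b"enc", hashlib.sha256).digest()
TAG_LEN = 16  # 128-bit tag, truncated from SHA-256


def encode_id(resource_id: int) -> str:
    """Map a 64-bit numeric ID to a URL-safe token that always looks the same for the same ID."""
    if not 0 <= resource_id < 2**64:
        raise ValueError("resource_id must fit in 64 bits")
    plain = struct.pack(">Q", resource_id)
    # Synthetic IV: the tag is computed over the plaintext and then used as the nonce
    tag = hmac.new(_KEY_MAC, plain, hashlib.sha256).digest()[:TAG_LEN]
    pad = hmac.new(_KEY_ENC, tag, hashlib.sha256).digest()[:8]
    cipher = bytes(p ^ k for p, k in zip(plain, pad))
    return base64.urlsafe_b64encode(tag + cipher).rstrip(b"=").decode("ascii")


def decode_id(token: str) -> Optional[int]:
    """Reverse encode_id; return None for any malformed, guessed or bit-flipped token."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError):
        return None
    if len(raw) != TAG_LEN + 8:
        return None
    tag, cipher = raw[:TAG_LEN], raw[TAG_LEN:]
    pad = hmac.new(_KEY_ENC, tag, hashlib.sha256).digest()[:8]
    plain = bytes(c ^ k for c, k in zip(cipher, pad))
    expected = hmac.new(_KEY_MAC, plain, hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison: without the key, a forged token cannot pass this check
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">Q", plain)[0]


if __name__ == "__main__":
    token = encode_id(2)            # /client/2 is served as /client/<token>
    print(token, decode_id(token))  # same token on every call, round-trips to 2
```

Because the tag is derived from the ID, two requests for the same resource produce the same URL (cache-friendly), while neighbouring IDs produce unrelated tokens, so sequential enumeration of `/client/1`, `/client/2`, ... is no longer possible.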