Tagged articles

API Security

157 articles · Page 1 of 2
Top Architect
Jun 6, 2026 · Information Security

Elegant API Encryption & Decryption: A Detailed Design and Implementation

This article presents a comprehensive solution for securing API interfaces by combining symmetric and asymmetric encryption, hashing, and signature techniques, illustrating the design, key exchange, data protection workflow, code implementation, and security analysis to prevent tampering, replay attacks, and unauthorized access.

AES · API Security · Encryption
0 likes · 14 min read

Spring Full-Stack Practical Cases
May 25, 2026 · Backend Development

7 Practical Ways to Secure Spring Boot APIs with Permission Control

This article walks through seven concrete implementations for controlling access to Spring Boot 3.5.0 controller endpoints—including Spring Security, Sa‑Token, custom annotation with AOP, interceptor, URL‑based filter, custom HandlerMapping, and a Spring Cloud Gateway filter—providing code samples, configuration details, and test results to help developers choose the right approach for API security.

AOP · API Security · Permission control
0 likes · 14 min read

Black & White Path
May 24, 2026 · Information Security

How StubZero Exposed a Google Cloud Production RCE and Earned $148,337

A researcher discovered an unauthenticated debug endpoint in Google Cloud that leaked protobuf definitions, turned it into a "req2proto as a Service", abused Stubby RPC permissions, chained several API calls to achieve full remote code execution, and received a $148,337 bug‑bounty.

API Security · Bug Bounty · Google Cloud
0 likes · 22 min read

MaGe Linux Operations
May 3, 2026 · Backend Development

How to Implement Nginx Rate Limiting: Prevent Abuse, Scraping, and API Overload

This article explains how to use Nginx's built‑in limit_req and limit_conn modules—based on the leaky‑bucket algorithm—to protect APIs from malicious flooding, excessive crawling, sudden traffic spikes, and individual user abuse, covering configuration directives, practical examples, advanced scenarios, testing, and deployment best practices.

API Security · Leaky Bucket · NGINX
0 likes · 20 min read

DeWu Technology
Apr 29, 2026 · Information Security

How a General AI Agent Powers Scalable Gateway Route Security Audits

The article presents a practical AI‑driven security audit system for gateway routes that uses a layered “general Agent + business Skill” design, combines batch AI filtering with human verification, achieves full‑coverage, minute‑level detection, and reduces token costs by over 95 % through multiple optimizations.

AI Agent · API Security · MCP Tool
0 likes · 15 min read

Top Architect
Apr 28, 2026 · Backend Development

Elegant API Rate Limiting with Spring Interceptor and Redis

This article demonstrates a step‑by‑step implementation of API anti‑brush (rate limiting) using a Spring Interceptor combined with Redis, explains how to configure time windows and request limits, introduces a custom @AccessLimit annotation for fine‑grained control, discusses path‑parameter pitfalls, real‑IP handling, and shares practical testing results.

API Security · Java · Redis
0 likes · 20 min read

Black & White Path
Apr 24, 2026 · Information Security

Why Forgotten Ghost APIs Are Becoming Attackers’ Golden Backdoors

Ghost APIs—deprecated endpoints that remain active in production—create invisible attack surfaces, allowing adversaries to bypass modern defenses, as illustrated by incidents like Optus and T‑Mobile; the article dissects their risks, how attackers locate them, and practical three‑step defenses to eliminate these hidden vulnerabilities.

AI threat · API Security · Deprecated endpoints
0 likes · 15 min read

Java Tech Enthusiast
Apr 22, 2026 · Information Security

Why Your API Keys Are Your Digital Wallet—and How to Stop Leaking Them

Developers often scatter API keys across .env files, hard‑code them into source code, or push them to public GitHub repositories, leading to massive credential leaks that can instantly drain cloud‑service balances, as shown by real‑world GitHub scans and industry reports.

AI services · API Security · GitHub leaks
0 likes · 5 min read

Java Architect Handbook
Apr 21, 2026 · Information Security

How to Secure Spring Boot APIs with RSA Encryption: A Step‑by‑Step Guide

This article explains RSA encryption fundamentals, illustrates two practical scenarios, and walks through creating a Spring Boot project, adding Maven dependencies, configuring RSA keys, annotating controllers for automatic encryption/decryption, testing the endpoints, and handling client‑side encryption with JavaScript, while highlighting common pitfalls.

API Security · Encryption · Java
0 likes · 13 min read

IT Services Circle
Apr 17, 2026 · Information Security

Why Your API Keys Are Leaking on GitHub and How to Stop It

Developers often hard‑code AI service API keys in code or .env files and unintentionally push them to public GitHub repositories, leading to massive credential leaks, costly abuse, and security incidents, while tools like apiradar.live can monitor and alert on such exposures.

AI services · API Security · GitHub
0 likes · 5 min read

Java Tech Enthusiast
Apr 15, 2026 · Information Security

Why Your API Keys Are Leaking on GitHub and How to Stop It

Developers often store dozens of AI service API keys in .env files or hard‑code them, which can accidentally be committed to public GitHub repositories, leading to massive credential exposure, unexpected billing, and security breaches; this article explains the risks, real‑world examples, statistics, and practical steps to protect your keys.

API Security · GitHub · environment variables
0 likes · 4 min read

Huolala Safety Emergency Response Center
Apr 15, 2026 · Information Security

How to Auto‑Label 10K APIs with 95% Confidence Using Self‑Learning Feature Engineering

This article presents a detailed case study of how a large‑scale API security team built an automated, self‑learning classification system that tags tens of thousands of APIs with business labels, improves model accuracy by five points, and maintains high precision through a confidence‑driven feedback loop.

API Security · CatBoost · SHAP
0 likes · 13 min read

Huolala Tech
Apr 15, 2026 · Information Security

How We Built a Self‑Learning API Classification System for Security

This article details a real‑world case study of how a large logistics platform created an automated, self‑evolving API asset‑classification pipeline—covering data collection, feature engineering, model training with CatBoost, confidence‑based label feedback, and lessons learned—to improve API security monitoring and reduce manual labeling effort.

API Security · CatBoost · SHAP
0 likes · 13 min read

Data STUDIO
Apr 1, 2026 · Backend Development

10 Advanced Pydantic Tricks to Strengthen FastAPI Request Validation

The article shows how Pydantic’s default type coercion can silently accept malformed data—dangerous for payment APIs—and presents ten advanced techniques, including strict mode, field constraints, separate create/update/response models, cross‑field validators, custom error handling, reusable types, extra‑field forbidding, nested models, computed fields, and discriminated unions, to enforce robust FastAPI request validation.

API Security · FastAPI · Pydantic
0 likes · 19 min read

Lao Guo's Learning Space
Mar 31, 2026 · Information Security

OpenClaw Security Hardening: Complete Guide to Protect API Keys and Enforce Least‑Privilege

This guide details why OpenClaw’s high‑privilege capabilities make API keys a critical asset, presents concrete risk scenarios, and walks through practical key management, permission controls, network hardening, data privacy, auditing, and configuration templates to secure AI agent deployments.

API Security · OpenClaw · Permission control
0 likes · 14 min read

Architect's Guide
Mar 2, 2026 · Information Security

Essential API Security Measures and How to Implement Them

This article outlines key API security mechanisms—including encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist control, and data validation—and provides practical Java code examples and implementation guidelines for each technique.

API Security · AppId · Data Validation
0 likes · 10 min read

Test Development Learning Exchange
Jan 28, 2026 · Information Security

One-Line Python Decorator to Auto‑Encrypt, Sign, and Secure API Requests

Learn how to replace repetitive manual signing, encryption, timestamp, and nonce handling in API tests with a single Python @secure_request decorator that automatically encrypts specified fields, adds security parameters, generates signatures, and sends the request, improving maintainability and reducing errors.

API Security · Decorator · Encryption
0 likes · 9 min read

Open Source Tech Hub
Jan 21, 2026 · Information Security

JWT Explained: When to Use Stateless Tokens and What to Watch Out For

JSON Web Tokens (JWT) provide a compact, signed, self-contained way to authenticate API requests without server-side session storage, offering scalability and speed, while introducing trade-offs such as revocation challenges, token size, and exposure of unencrypted payloads, making them ideal for distributed systems but unsuitable for scenarios requiring immediate logout or sensitive data.

API Security · JWT · authentication
0 likes · 10 min read

360 Smart Cloud
Jan 20, 2026 · Information Security

How to Secure APIs: Core Risks and Multi‑Layer Defense Strategies

This article outlines the four primary API security risks—malicious calls, data tampering, sensitive data leakage, and XSS propagation—and presents a comprehensive, multi‑layered protection framework spanning frontend safeguards, firewalls, gateways, and fine‑grained API design guidelines within APICloud.

API Security · Encryption · authentication
0 likes · 12 min read

Java Architect Handbook
Dec 31, 2025 · Backend Development

Mastering API Rate Limiting with Spring Interceptor and Redis

This article walks through building a Spring MVC interceptor that leverages Redis to enforce per‑IP request limits, explains configurable parameters, shows how to apply protection selectively via mapping rules or custom annotations, and discusses practical pitfalls such as sliding‑window logic, path‑parameter handling, and real‑IP detection.

API Security · Java · Redis
0 likes · 20 min read

Top Architect
Dec 21, 2025 · Information Security

Securing API Calls with Hybrid Symmetric‑Asymmetric Encryption and HTTPS Principles

This article presents a comprehensive design for API request and response protection that combines symmetric and asymmetric encryption, HTTPS fundamentals, and WeChat Pay specific cryptographic mechanisms, detailing key exchange, data signing, parameter handling, implementation code, common pitfalls, and a security analysis.

API Security · Encryption · HTTPS
0 likes · 14 min read

Top Architect
Dec 7, 2025 · Information Security

Designing Secure API Encryption with HTTPS and WeChat Pay Principles

This article outlines a comprehensive API security solution that combines symmetric and asymmetric encryption, HTTPS fundamentals, and WeChat Pay cryptographic practices, detailing design, implementation, key management, parameter handling, backend processing, and security analysis to protect against tampering, replay, and crawling.

API Security · WeChat Pay · digital signatures
0 likes · 14 min read

Ray's Galactic Tech
Nov 2, 2025 · Information Security

How to Secure Third‑Party API Calls with TLS, HMAC Signatures & RSA Encryption

To protect sensitive data in third‑party API integrations, this guide outlines a three‑layer security architecture—mutual TLS for channel protection, HMAC‑based request signing for integrity, and RSA encryption for data confidentiality—plus key management, monitoring, performance considerations, and implementation roadmaps.

API Security · Encryption · HMAC
0 likes · 10 min read

Architect's Guide
Oct 28, 2025 · Backend Development

How to Prevent API Scraping in High‑Traffic Seckill Systems with Java

During high‑traffic flash‑sale events like Double 11, malicious users can flood seckill APIs, causing service collapse and inventory errors; this article explains the business pain points and presents a multi‑layer anti‑scraping solution—including rate limiting, behavior detection, captchas, request signing, token mechanisms, and asynchronous order processing—with concrete Java implementations.

API Security · Java · Seckill
0 likes · 7 min read

Top Architect
Oct 5, 2025 · Information Security

Securing Third‑Party APIs: AK/SK Generation, Signature Rules, and Anti‑Replay Strategies

This guide explains how to secure third‑party APIs by generating unique Access Key/Secret Key pairs, designing signature processes with timestamps and nonces, implementing permission division, creating robust API endpoints, and applying best‑practice security measures such as HTTPS, token handling, rate limiting, and idempotency.

AK/SK · API Security · Anti-replay
0 likes · 33 min read

Architect
Oct 1, 2025 · Information Security

How to Secure Third‑Party APIs with AK/SK, Signatures, Tokens and Anti‑Replay Measures

This article presents a comprehensive guide to designing secure third‑party APIs, covering the generation and management of Access Key/Secret Key pairs, signature creation, timestamp and nonce anti‑replay techniques, token handling, request throttling, IP whitelisting, idempotency, versioning, response standards, and practical code examples in Java and SQL.

AK/SK · API Security · Token
0 likes · 32 min read

Architect's Guide
Sep 7, 2025 · Backend Development

User Login & Token Management: Flow, Rate Limiting, and Security

This article explains the complete user login process, from mobile verification and automatic registration to token generation, validation, expiration policies, logout handling, anonymous access strategies, rate‑limiting via authorized tokens, path‑regex checks, and blacklist management, illustrated with diagrams and Java‑Spring code examples.

API Security · Token Management · User Authentication
0 likes · 10 min read

Architect's Guide
Sep 4, 2025 · Information Security

How to Secure Public APIs: Essential Measures and Java Implementation Guide

This article outlines essential security measures for public APIs—including data encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—explaining why each is needed and providing concrete Java implementation examples such as HTTPS, MD5 signatures, token‑bucket algorithms, and RateLimiter usage.

API Security · AppId · Encryption
0 likes · 10 min read

Architect's Guide
Jul 20, 2025 · Information Security

Unlocking API Security: 10 Common Vulnerabilities Every Tester Must Know

This article explains the most frequent API security flaws—including information disclosure, broken object and function level authorizations, excessive data exposure, rate‑limiting gaps, mass‑assignment, misconfigurations, asset‑management errors, and business‑logic bugs—while providing practical examples, detection techniques, and code snippets for each vulnerability.

API Security · BFLA · BOLA
0 likes · 16 min read

Architecture and Beyond
Jul 5, 2025 · Information Security

Why Leaked OpenAI API Keys Are a Massive Risk and How to Protect Yours

Leaked API keys on GitHub expose millions of dollars and sensitive data, as illustrated by real-world breaches, and the article explains why developers embed secrets, the dangers involved, and practical steps—environment variables, secret managers, git hooks, and regular scanning—to prevent costly security incidents.

API Security · GitHub scanning · devops best practices
0 likes · 8 min read

Architect's Guide
Jul 1, 2025 · Backend Development

Spring Boot API Validation, Global Exception Handling & Secure Versioning

This guide walks through building robust Spring Boot backend APIs by detailing request parameter validation with @Validator, implementing global exception handling, standardizing unified response structures, applying custom annotations for response control, managing API versioning via path and header strategies, and enhancing security with token authentication, timestamps, signatures, and HTTPS.

API Security · API Validation · Response Wrapping
0 likes · 24 min read

Code Ape Tech Column
Jun 10, 2025 · Information Security

Securing OpenAPI Interfaces with AppId, AppSecret, and RSA Signatures

This article explains how to standardize and protect OpenAPI interfaces by using globally unique AppId/AppSecret pairs, generating RSA‑based signatures, implementing timestamp and nonce checks, and applying common security measures such as rate limiting, whitelist/blacklist controls, and sensitive data handling, all illustrated with complete Java code examples.

API Security · AppId · AppSecret
0 likes · 28 min read

Architect's Must-Have
Jun 6, 2025 · Backend Development

How to Secure API Calls with Tokens, Timestamps, and Signatures in Spring Boot

This article explains practical methods for protecting data exchanged with third‑party systems by using access tokens, timestamps, cryptographic signatures, and anti‑duplicate‑submission techniques, and provides complete Spring Boot code examples for token generation, validation, Redis storage, and request interception.

API Security · Backend Development · Spring Boot
0 likes · 24 min read

Spring Full-Stack Practical Cases
Jun 6, 2025 · Backend Development

Secure Spring Boot 3 APIs: 5 Methods with Filters, Interceptors, AOP, OAuth2

This article presents five practical approaches to protect Spring Boot 3 API endpoints—including Filter, Interceptor, AOP combined with Filter, Spring Security, and OAuth2 integration—providing code examples, configuration steps, and screenshots to demonstrate authentication, authorization, and token handling for secure access control.

API Security · Authorization · Java
0 likes · 11 min read

Alibaba Cloud Developer
May 9, 2025 · Information Security

What’s New in MCP 2025‑03‑26? Deep Dive into OAuth 2.1, Streamable HTTP, and JSON‑RPC Enhancements

The MCP 2025‑03‑26 release introduces mandatory OAuth 2.1 with PKCE, a single‑endpoint Streamable HTTP transport, required JSON‑RPC batch processing, richer tool metadata, structured progress notifications, audio multimodal support, and robust session management, all backed by extensive security hardening and performance gains.

API Security · JSON-RPC · MCP
0 likes · 14 min read

Java Architect Essentials
May 8, 2025 · Backend Development

How @Encrypt Simplifies API Security in SpringBoot

This article explains how the @Encrypt annotation in SpringBoot can automatically handle encryption and decryption of sensitive API parameters, eliminating repetitive manual code, improving maintainability, and allowing custom encryption strategies for real‑world applications.

API Security · Annotation · Encryption
0 likes · 7 min read

Java Architect Essentials
May 6, 2025 · Backend Development

How @Authenticated Simplifies SpringBoot API Security

The article explains how the @Authenticated annotation in SpringBoot can replace repetitive manual authentication code, offering automatic request validation, role‑based checks, and streamlined error handling, with practical examples and a clear list of benefits for developers.

API Security · Annotation · Java
0 likes · 7 min read

Top Architect
Apr 17, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Replay‑Attack Prevention

This article presents a comprehensive design for securing third‑party APIs by using Access Key/Secret Key pairs, timestamp and nonce validation, signature generation, token handling, HTTPS, rate limiting, logging, idempotency, versioning, standardized response formats and practical Java code examples to prevent tampering and replay attacks.

API Security · Access Key · Token
0 likes · 32 min read

Huolala Tech
Apr 15, 2025 · Information Security

How a Key Management Gateway Secures Third‑Party API Integrations

This article examines the security challenges of integrating third‑party services via OpenAPI, analyzes code and personnel risks of key exposure, and presents a key‑gateway solution that uses KMS, multi‑tenant architecture, customizable signing modules, and robust exception handling to protect sensitive credentials.

API Security · KMS · Middleware
0 likes · 15 min read

Huolala Safety Emergency Response Center
Apr 14, 2025 · Information Security

How a Key Gateway Secures Third‑Party API Calls and Prevents Key Leaks

This article analyzes the security risks of exposing third‑party service keys in modern applications, examines traditional and ideal key‑management approaches, and presents a detailed design of a Key Gateway that centralizes signing, encryption, token handling, multi‑tenant support, and robust exception management to protect sensitive credentials.

API Security · Access Control · Encryption
0 likes · 17 min read

Architect's Guide
Mar 31, 2025 · Information Security

Design and Security Practices for Third‑Party API Authentication and Signing

This article presents a comprehensive design scheme for third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, secure API endpoint design, anti‑replay mechanisms, token handling, TLS encryption, database schema, and implementation examples in Java.

API Security · Access Key · Java
0 likes · 30 min read

Top Architecture Tech Stack
Mar 25, 2025 · Information Security

Designing Secure Third‑Party API Interfaces: Authentication, Signature, and Best Practices

This guide details a secure third‑party API design, covering API key generation, request signing with timestamps and nonces, permission division, CRUD endpoint definitions, unified response structures, and best‑practice security measures such as HTTPS, IP whitelisting, rate limiting, logging, and idempotency handling.

API Security · Java · authentication
0 likes · 29 min read

Didi Tech
Feb 13, 2025 · Frontend Development

Front-End Architecture Refactoring for International Food Delivery Merchant Marketing

The case study details how a unified TypeScript‑based activity data model, combined with JSON‑Schema validation and dependency‑injected configuration, refactored a multi‑channel food‑delivery merchant marketing front‑end, cutting code duplication, boosting extensibility, and improving development speed by roughly 40% for new activity types.

API Security · Configuration · Marketing
0 likes · 11 min read

Top Architect
Jan 22, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Token Management

This article presents a comprehensive design for securing third‑party API calls by generating unique Access Key/Secret Key pairs, defining permission granularity, implementing signature generation with timestamps and nonces, handling token lifecycle, and providing concrete Java and SQL code examples for practical deployment.

AK/SK · API Security · Java
0 likes · 31 min read

Eric Tech Circle
Dec 16, 2024 · Backend Development

Implementing Secure Double‑Token Authentication in WeChat Mini‑Programs

This article explains the design and implementation of a dual‑token authentication system—short‑lived AccessToken and long‑lived RefreshToken—for WeChat Mini‑Programs, covering token generation, login flow, client‑side handling of 401/403 errors, and best‑practice testing strategies.

API Security · AccessToken · JWT
0 likes · 6 min read

Top Architect
Dec 6, 2024 · Information Security

Design and Implementation of Secure Third‑Party API Authentication Using AK/SK, Signatures, and Tokens

This article presents a comprehensive design for securing third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, anti‑replay mechanisms, token handling, detailed API endpoint specifications, and best‑practice security measures with illustrative Java code examples.

AK/SK · API Security · Token
0 likes · 32 min read

Programmer XiaoFu
Dec 4, 2024 · Information Security

Designing Elegant and Secure Third‑Party APIs: Key Practices and Pitfalls

The article presents a comprehensive design for third‑party APIs that protects against data tampering, replay attacks, and unauthorized access by using AK/SK key pairs, timestamp and nonce signatures, TLS encryption, fine‑grained permission models, rate limiting, idempotency handling, versioning, standardized response formats, and detailed implementation examples in Java.

AK/SK · API Security · REST API
0 likes · 32 min read

Architect
Dec 3, 2024 · Information Security

How to Secure Third‑Party APIs with AK/SK, Signatures, and Token Strategies

This guide presents a comprehensive design for securing third‑party API calls, covering Access Key/Secret Key generation, permission granularity, timestamp and nonce based replay protection, signature creation and verification, token handling, TLS encryption, rate limiting, logging, and practical Java code examples.

API Security · Access Key · Java
0 likes · 28 min read

Architect
Nov 30, 2024 · Information Security

Secure Spring Boot API Data Transmission with AES/RSA Hybrid Encryption

This article explains how to protect front‑end and back‑end communication in a Spring Boot application by encrypting request and response data using a hybrid AES and RSA scheme, custom request wrappers, filters, and AOP‑based response encryption, complete with code examples and implementation details.

AES · API Security · Encryption
0 likes · 48 min read

Architect
Oct 2, 2024 · Information Security

Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java

The article explains how exposed API endpoints can be intercepted and altered, and presents practical security measures—including HTTPS, encrypted parameters, timestamp‑based signatures, and a Spring Boot filter implementation—to detect and block tampering and replay attacks in a Java backend.

API Security · Java · Parameter encryption
0 likes · 8 min read

Code Ape Tech Column
Sep 27, 2024 · Information Security

Implementing API Request and Response Encryption/Decryption with Spring MVC and ControllerAdvice

This article demonstrates how to secure API interfaces by implementing symmetric encryption and decryption for both GET and POST requests in a Spring MVC application, using ControllerAdvice to intercept and process request and response bodies, handling key management, signature verification, and serialization issues across H5, Android, and iOS clients.

@ControllerAdvice · API Security · Java
0 likes · 14 min read

Huolala Tech
Sep 17, 2024 · Information Security

How to Automate Logic Vulnerability Detection with DAST, IAST, and API Analysis

This article outlines the background of logic vulnerabilities, compares SAST/IAST/DAST techniques, presents a comprehensive detection architecture with API traffic capture, token collection, fuzzy‑hash response comparison, API deduplication, and discusses challenges such as public API false positives and automation gaps.

API Security · DAST · IAST
0 likes · 16 min read

Architect
Jul 15, 2024 · Information Security

Secure OpenAPI Design: AppId/AppSecret, RSA Signatures, Timestamp & Nonce Best Practices

This article explains how to secure OpenAPI interfaces by using globally unique AppId/AppSecret pairs, SHA‑256 and RSA signatures, timestamp and nonce validation, caching, rate‑limiting, parameter validation, and encryption algorithms, providing complete client‑server implementation examples in Java.

API Security · Java · OpenAPI
0 likes · 26 min read
Top Architect
Jul 12, 2024 · Information Security

API Encryption and Security Design: Combining Symmetric, Asymmetric, Hashing, and Signature Techniques

This article presents a comprehensive API encryption scheme that combines symmetric and asymmetric cryptography, hashing, and digital signatures, explains HTTPS fundamentals, details WeChat Pay encryption, outlines key exchange and data protection processes, provides Java code examples, and analyzes security, anti‑tampering, anti‑replay, and performance considerations.

API Security · Encryption · HTTPS
0 likes · 16 min read
Shepherd Advanced Notes
Jul 12, 2024 · Backend Development

Mastering Spring MVC’s RequestBodyAdvice and ResponseBodyAdvice: Usage and Implementation Details

This article explains the purpose, core methods, and practical implementation of Spring MVC’s RequestBodyAdvice and ResponseBodyAdvice extension points, including code examples for request decryption, signature verification, response encryption, unified result wrapping, and the underlying request‑processing flow within the framework.

API Security · Encryption · RequestBodyAdvice
0 likes · 23 min read
Architecture Digest
Jul 10, 2024 · Backend Development

Implementing Internal‑Only API Access with Gateway, Redis Whitelist, and AOP in Spring Cloud

The article explains three approaches for restricting certain APIs to internal service calls—microservice isolation, a gateway‑plus‑Redis whitelist, and a gateway‑plus‑AOP solution—then provides step‑by‑step Spring Cloud code to add a public‑source header, define an AOP aspect with a custom annotation, and annotate internal‑only endpoints.

API Security · gateway · spring-cloud
0 likes · 6 min read
macrozheng
Jul 4, 2024 · Backend Development

How to Secure Internal‑Only APIs with SpringBoot, Gateway, Redis, and AOP

This article explores three practical approaches—microservice isolation, Redis‑based whitelist, and gateway‑AOP header checks—to restrict certain APIs to internal network calls, and provides step‑by‑step SpringBoot code examples for implementing the preferred gateway‑AOP solution.

AOP · API Security · Microservices
0 likes · 7 min read
Selected Java Interview Questions
May 22, 2024 · Information Security

Design and Implementation of API Encryption Using HTTPS and WeChat Pay Principles

This article presents a comprehensive design and implementation guide for securing API interfaces by combining HTTPS fundamentals with WeChat Pay encryption techniques, detailing symmetric and asymmetric encryption, hashing, signature verification, key exchange, parameter handling, and backend processing to protect against tampering, replay attacks, and data leakage.

API Security · Encryption · HTTPS
0 likes · 15 min read
Programmer DD
May 14, 2024 · Information Security

Why My Game Score Rankings Went Crazy: Lessons from RSA & AES API Encryption

The article recounts a real‑world incident where a game’s leaderboard showed absurd scores due to insecure API parameters, then explains RSA and AES fundamentals, demonstrates how to combine asymmetric and symmetric encryption for secure request handling, and provides Java code, custom annotations, and AOP logic to automate decryption on the server side.

AES · API Security · Encryption
0 likes · 23 min read
macrozheng
May 13, 2024 · Information Security

How to Secure APIs: Prevent Tampering and Replay Attacks with Spring Boot

This article explains why publicly exposed APIs are vulnerable to tampering and replay attacks, outlines anti‑tampering and anti‑replay strategies such as HTTPS, request signing, timestamp and nonce mechanisms, and provides a complete Spring Boot implementation with Redis support.

API Security · Anti-replay · Java
0 likes · 15 min read
Code Ape Tech Column
May 11, 2024 · Information Security

Hybrid RSA‑AES Encryption for Secure API Parameter Transmission in Java

This article recounts a leaderboard data breach caused by tampered Base64 request parameters, then details a hybrid RSA‑AES encryption strategy—using RSA to protect the AES key, IV and timestamp while AES encrypts the actual payload—along with Java implementations, key‑generation utilities, and a Spring AOP aspect for automatic decryption, providing a comprehensive guide to securing API communications.

API Security · Java · Spring AOP
0 likes · 20 min read
Architect's Guide
May 10, 2024 · Backend Development

Implementing Request and Response Encryption in Spring Boot with ControllerAdvice and Jackson

This article demonstrates how to secure Spring Boot APIs by encrypting request and response bodies using custom ControllerAdvice, switching from FastJson to Jackson for proper enum and date serialization, and configuring ObjectMapper to produce consistent JSON output across encrypted and non‑encrypted endpoints.

@ControllerAdvice · API Security · Encryption
0 likes · 13 min read
macrozheng
May 7, 2024 · Information Security

10 Proven Strategies to Secure Your API Data

Ensuring API data security involves encrypting transmission, using signatures, token authentication, timestamps, nonces, rate limiting, black/white lists, data masking, and parameter validation, with detailed explanations of symmetric/asymmetric encryption, HTTPS, RSA, MD5, and practical implementation steps for robust protection.

API Security · Encryption · rate limiting
0 likes · 13 min read
Java Tech Enthusiast
May 5, 2024 · Information Security

Preventing Malicious API Abuse: Security Measures and Best Practices

To prevent malicious API abuse, implement layered defenses such as firewalls to block unwanted traffic, robust captchas and SMS verification, mandatory authentication with permission controls, IP whitelisting for critical endpoints, HTTPS encryption, strict rate‑limiting via Redis, continuous monitoring with alerts, and an API gateway that centralizes filtering, authentication and throttling.

API Security · IP whitelist · Monitoring
0 likes · 9 min read
Architect
May 4, 2024 · Information Security

How to Secure Third‑Party APIs with AK/SK, Tokens, and Signature Strategies

This article walks through a complete security design for third‑party APIs, covering API‑key generation, request signing with timestamps and nonces, token handling, permission granularity, database schema, and practical implementation details such as rate limiting, idempotency, and TLS encryption.

API Security · Token · authentication
0 likes · 34 min read
Architect
Apr 27, 2024 · Information Security

How to Stop Malicious API Calls: 8 Practical Defense Strategies

This article walks through eight concrete techniques—firewall rules, captchas, authentication checks, IP whitelists, HTTPS encryption, rate limiting, monitoring, and an API gateway—to prevent abusive requests from draining resources or compromising critical services.

API Security · HTTPS · IP whitelist
0 likes · 11 min read
Architect
Mar 13, 2024 · Information Security

11 Essential Practices to Secure Your APIs – From Validation to Risk Control

This article outlines eleven practical techniques for protecting API endpoints, covering parameter validation, unified response wrapping, XSS escaping, captcha integration, rate limiting, IP whitelisting, sensitive‑word checks, HTTPS adoption, data encryption, and comprehensive risk control measures, each illustrated with concrete code snippets and step‑by‑step workflows.

API Security · HTTPS · XSS protection
0 likes · 18 min read
Selected Java Interview Questions
Feb 29, 2024 · Information Security

How to Prevent Malicious API Abuse: Firewalls, Captchas, Authentication, IP Whitelists, Encryption, Rate Limiting, Monitoring, and Gateways

This article explains a comprehensive set of techniques—including firewalls, captchas, authentication checks, IP whitelists, data encryption, rate limiting, monitoring, and API gateways—to protect interfaces from malicious abuse and ensure secure, reliable service operation.

API Security · authentication · captcha
0 likes · 12 min read
Su San Talks Tech
Feb 16, 2024 · Information Security

How to Prevent Malicious API Abuse: 8 Practical Security Measures

This article outlines eight effective techniques—including firewalls, captchas, authentication checks, IP whitelists, data encryption, rate limiting, monitoring, and API gateways—to protect interfaces from malicious traffic and costly abuse while balancing user experience.

API Security · Encryption · captcha
0 likes · 9 min read
Architect
Feb 7, 2024 · Backend Development

How to Secure Spring MVC APIs with Request/Response Encryption Using ControllerAdvice

This article walks through a real‑world scenario of adding symmetric encryption to Spring MVC endpoints for Android, iOS and H5 clients, detailing the requirements, code implementation of request and response interceptors, serialization pitfalls with enums and LocalDateTime, and the final solution using Jackson's ObjectMapper to keep encrypted and non‑encrypted responses consistent.

@ControllerAdvice · API Security · Encryption
0 likes · 17 min read
FunTester
Jan 29, 2024 · Information Security

Fundamentals of API Security: Principles, Practices, and Lifecycle Management

This article provides a comprehensive overview of API security, covering authentication and authorization, privacy and encryption, input validation, detection, rate limiting, logging, secure coding, vulnerability management, lifecycle phases, and the importance of education and training to protect modern software ecosystems.

API Security · Authorization · Encryption
0 likes · 14 min read
Architect's Guide
Jan 7, 2024 · Information Security

Implementing RSA Encryption and Decryption in Spring Boot APIs

This guide explains how to secure Spring Boot API responses using RSA asymmetric encryption, covering the theory of RSA, practical scenarios, Maven setup, annotation‑based encryption/decryption, configuration files, and a JavaScript front‑end example for encrypting request payloads.

API Security · Encryption · Java
0 likes · 10 min read
Su San Talks Tech
Jan 6, 2024 · Information Security

11 Essential Techniques to Secure Your APIs: From Validation to Encryption

Learn eleven practical strategies to protect your APIs—including parameter validation, unified response handling, XSS escaping, permission and data access controls, captcha integration, rate limiting, IP whitelisting, sensitive word filtering, HTTPS adoption, data encryption, and risk management—to ensure robust security across your services.

API Security · Encryption · rate limiting
0 likes · 17 min read
Architect
Dec 29, 2023 · Industry Insights

How Bilibili Built a Scalable Anti‑Crawling System: Architecture, Data Flow, and Real‑World Impact

The article details Bilibili's comprehensive anti‑crawling solution, covering the problem background, a two‑layer detection framework integrated with APIGW and GAIA, risk perception, strategy iteration, verification mechanisms, quantitative results, and future improvement directions, all illustrated with concrete examples and performance numbers.

API Security · Bilibili · Operations
0 likes · 23 min read
Bilibili Tech
Dec 19, 2023 · Information Security

API Anti-Crawling Architecture and Effectiveness at Bilibili

Bilibili combats API abuse by deploying a two‑layer anti‑crawling system—gateway‑side signature verification and a GAIA risk‑control engine integrated into APIGW—that unifies device data, applies flexible rule packages, triggers diverse human challenges, and has already blocked billions of malicious requests with over 85% recall while preventing service outages.

API Security · Bilibili · Traffic analysis
0 likes · 22 min read
Top Architect
Nov 9, 2023 · Backend Development

Implementing Open API Signature Verification with Spring Boot and AOP

This article explains the concept of open interfaces and signature verification, outlines the end‑to‑end signing and verification flow, and provides a complete Spring Boot implementation including configuration properties, a signature manager, custom annotation, AOP aspect, request‑caching filter and utility classes, all illustrated with code snippets.

API Security · Java · OpenAPI
0 likes · 20 min read
Top Architect
Oct 16, 2023 · Information Security

RSA Encryption and Decryption in Spring Boot – A Practical Guide

This article explains the principles of RSA asymmetric encryption, illustrates two communication scenarios, and provides a step‑by‑step Spring Boot implementation with Maven dependencies, configuration, annotations, and front‑end JavaScript code to encrypt API requests and decrypt responses, helping developers secure their APIs.

API Security · Java · RSA
0 likes · 12 min read
Spring Full-Stack Practical Cases
Oct 7, 2023 · Information Security

Secure API Responses with Data Masking, Encryption, and Jackson Annotations

This article explains practical methods to protect sensitive API data in Spring Boot applications, covering encryption, masking, access control, logging, HTTPS, and database security, and demonstrates three implementation approaches: SQL‑level masking, field‑level encryption, and custom Jackson serialization using annotations and a contextual serializer.

API Security · Data Masking · Java
0 likes · 8 min read
macrozheng
Sep 14, 2023 · Information Security

How to Secure API Endpoints: Prevent Tampering and Replay Attacks with SpringBoot

This article explains why public APIs need protection, outlines anti‑tampering and anti‑replay strategies using timestamps and nonces, and provides complete SpringBoot code—including request signing, filter implementation, and Redis utilities—to safeguard API calls from manipulation and replay attacks.

API Security · Anti-replay · Redis
0 likes · 15 min read
Spring Full-Stack Practical Cases
Aug 28, 2023 · Information Security

How to Secure API Transmission with Spring Boot, Vue, and AES/DES Encryption

This guide explains how to protect API data exchange by implementing HTTPS, JWT, rate limiting, MAC, and symmetric encryption (AES/DES) in a Spring Boot backend, while using Vue and Axios on the frontend, including custom annotations, request/response advice, and crypto‑js utilities for end‑to‑end encryption.

AES · API Security · JWT
0 likes · 15 min read
Architect
Aug 23, 2023 · Backend Development

How to Restrict Certain APIs to Internal Calls Only in a Microservice Architecture

This article examines three practical approaches for preventing external exposure of specific APIs—service isolation, gateway‑based Redis whitelist, and gateway‑plus‑AOP—evaluates their trade‑offs, and provides step‑by‑step Java code to implement the preferred AOP solution in a Spring Cloud environment.

AOP · API Security · Microservices
0 likes · 8 min read
Liangxu Linux
Jul 30, 2023 · Information Security

Top 12 Common API Vulnerabilities Every Tester Should Know

Understanding the most frequent API weaknesses—from information disclosure and broken object-level authorization to injection, misconfiguration, and business logic flaws—helps security testers identify, exploit, and report issues such as over‑exposed data, missing rate limits, and improper authentication across modern web services.

API Security · BOLA · business logic
0 likes · 17 min read
MaGe Linux Operations
Jul 15, 2023 · Information Security

Top API Vulnerabilities Every Tester Should Know

This article surveys the most common API security flaws—including information disclosure, broken object‑level and function‑level authorization, over‑exposure of data, missing rate limits, mass‑assignment, misconfigurations, injection attacks, improper asset management, and business‑logic bugs—providing examples, code snippets, and practical testing tips for security professionals.

API Security · BOLA · authentication
0 likes · 17 min read