Tagged articles
150 articles
Page 2 of 2
Top Architect
Feb 11, 2023 · Backend Development

Comprehensive Guide to User Login Flow, Token Management, and Anonymous Access in Backend Systems

This article explains the complete user login process, including mobile verification, token generation, token expiration policies, request‑rate limiting with Redis, anonymous request handling, blacklist management, and provides full Java Spring code examples for implementing these backend authentication mechanisms.

API Security · Authentication · Backend
11 min read
Liangxu Linux
Aug 28, 2022 · Information Security

10 Proven Strategies to Secure API Data: Encryption, Signing, Tokens & More

This article outlines ten practical methods to secure API data, covering encryption of transmission, digital signing, token authentication, timestamp and nonce replay protection, rate limiting, blacklist/whitelist controls, data masking, and parameter validation, with detailed explanations and implementation steps.

API Security · Parameter Validation · data masking
13 min read
JD Tech
Aug 26, 2022 · Information Security

API Security Governance and Authentication Practices in JD Logistics Sorting Platform

This article examines security challenges encountered in JD Logistics' sorting platform, details the investigative process for abnormal API requests, proposes a SHA‑256 based authentication scheme with digital signatures, compares industry‑wide API protection methods, and shares practical insights from the author's experience in financial API gateway design.

API Security · Authentication · digital signature
15 min read
ITPUB
Jul 4, 2022 · Information Security

10 Proven Strategies to Secure API Interfaces: Encryption, Signing, Tokens & More

This article outlines ten practical methods for protecting API data, covering transmission encryption, digital signatures, token authentication, timestamp and nonce mechanisms, rate limiting, blacklist/whitelist controls, data masking, and parameter validation to ensure comprehensive interface security.

API Security · Parameter Validation · data masking
14 min read
IT Architects Alliance
Jun 22, 2022 · Information Security

Secure RPC Encryption: Authentication, Anti‑Hijacking Design & Implementation

This article examines the challenges of securing API interfaces—including authentication for third‑party services and protection against request hijacking—and proposes a comprehensive RPC encryption framework that uses asymmetric and symmetric keys, signed payloads, and HTTPS fallback, detailing both client‑side and server‑side workflows, data structures, and providing links to the full source code.

API Security · Authentication · RPC encryption
5 min read
Top Architect
Jun 21, 2022 · Information Security

Design and Implementation of Secure RPC Encryption for Backend Services

This article outlines a comprehensive approach to securing backend APIs through authentication, anti‑hijacking measures, and a custom RPC encryption scheme that combines asymmetric and symmetric keys, detailing design principles, data flow, and implementation resources.

API Security · RPC
6 min read
Top Architect
Mar 15, 2022 · Information Security

Comparing JWT and OAuth2: Concepts, Implementation Details, and Use Cases

This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes how each works, provides code examples of JWT structure, outlines OAuth2 roles and flows, and discusses practical scenarios, advantages, and drawbacks for securing APIs.

API Security · Authentication · Authorization
12 min read
HaoDF Tech Team
Feb 28, 2022 · Information Security

Partner Data Security Closed‑Loop Management at Haodf Online

This article outlines how Haodf Online implements a closed‑loop partner data security framework—covering background regulations, SDL‑based lifecycle stages, partner information handling, security assessment, API testing, monitoring, and continuous improvement—to protect sensitive medical data across its ecosystem.

API Security · SDL · compliance
14 min read
21CTO
Jan 2, 2022 · Information Security

How to Secure Public APIs: Signatures, OAuth2, and Encryption Strategies

This article explains practical methods to protect externally exposed APIs, covering token‑based access, OAuth2.0 authorization, signature verification, encryption techniques (hashing, symmetric and asymmetric), key management, and provides Java code samples for DES and RSA implementations.

API Security · Java · OAuth2
13 min read
Spring Full-Stack Practical Cases
Jul 26, 2021 · Information Security

Mastering JWT: Secure API Authentication with Spring Boot

This guide explains the fundamentals of JSON Web Tokens, their structure and claim types, typical use cases such as authorization and secure data exchange, and provides a step‑by‑step Spring Boot implementation including dependency setup, token generation, interceptor validation, and protected endpoint testing.

API Security · Authentication · JWT
7 min read
macrozheng
Jun 9, 2021 · Information Security

Secure API Authentication: Token vs Signature with Java Code

This article compares token-based and signature-based API authentication methods, discusses their advantages and drawbacks, and provides complete Java code examples—including JWT token utilities, authentication interceptors, and signature verification—to help developers implement robust API security in real-world projects.

API Security · HTTPS · JWT
13 min read
Java Architect Essentials
Jun 1, 2021 · Information Security

API Security Practices: Token, Timestamp, Signature, and Replay Prevention in Spring Boot

This article explains how to protect data exchange with third‑party systems by using access tokens, timestamps, cryptographic signatures, and duplicate‑submission safeguards, providing detailed Java/Spring Boot examples and code snippets for implementing secure API authentication and request validation.

API Security · Java · Spring Boot
27 min read
Top Architect
Mar 2, 2021 · Information Security

Designing Secure API Authentication with Token and Signature in Java

This article explains how to secure app open‑API endpoints by using HTTPS, token‑based authentication, timestamp validation, and a URL‑signature algorithm implemented in Java, including detailed steps, interception rules, and sample code for generating and verifying signatures.

API Security · Backend Development · Java
8 min read
21CTO
Feb 25, 2021 · Information Security

How to Secure Mobile API Calls with Token and Signature Design

This article explains how to secure mobile app open APIs by enforcing HTTPS, designing request signatures with timestamps and tokens, validating them on the server, and managing token‑UID relationships using Redis, complete with Java code examples for parameter extraction and signature generation.

API Security · Backend Development · HTTPS
7 min read
21CTO
Feb 2, 2021 · Information Security

JWT vs OAuth2: Which Authentication Method Is Right for Your API?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth2, outlines their structures, security considerations, implementation details, and compares their advantages, drawbacks, and suitable use cases to help developers choose the appropriate method for securing APIs.

API Security · Authorization · JWT
10 min read
Code Ape Tech Column
Feb 2, 2021 · Information Security

JWT vs OAuth2: Which API Security Method Fits Your Needs?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.

API Security · Authentication · Authorization
11 min read
Architecture Digest
Jan 26, 2021 · Information Security

API Request Signature Implementation and Best Practices

This article explains how to protect front‑back separated APIs using a request signature scheme, detailing the required parameters, signature generation algorithm, Java filter implementation, anti‑leech timing checks, nonce usage, and duplicate‑submission prevention with Redis.

API Security · Backend Development · Java
6 min read
Sohu Tech Products
Jan 20, 2021 · Information Security

Securing Frontend‑Integrated APIs with Token, Timestamp, and Signature Validation in Spring

This article explains how to protect API endpoints that interact with front‑end applications by using token‑based authentication, timestamp checks, and MD5 signatures, detailing the implementation of open and secured controllers, login logic, signature verification, replay‑attack mitigation, and a Spring interceptor.

API Security · Interceptor · Replay attack
9 min read
Java Architect Essentials
Nov 25, 2020 · Information Security

API Interface Security: AccessKey/SecretKey, Token/AppKey, Signature Generation and Replay‑Attack Prevention

The article explains how to secure API interfaces by using AccessKey/SecretKey or Token/AppKey for identity verification, generating request signatures to prevent parameter tampering, and applying timestamp‑nonce mechanisms to defend against replay attacks, while providing concrete implementation examples in code.

API Security · AccessKey · Authentication
8 min read
Programmer DD
Nov 5, 2020 · Information Security

How to Verify WeChat Pay V3 Response Signatures in Java

This guide explains why and how to verify WeChat Pay V3 response signatures using Java, covering certificate serial checks, constructing the verification string from response headers, and performing SHA256‑with‑RSA validation to ensure responses truly originate from the WeChat Pay server.

API Security · Java · RSA
7 min read
Architect
Oct 1, 2020 · Information Security

API Authentication and Request Signing with AccessKey/SecretKey, Token, and AppKey

The article explains how to secure API interfaces by using AccessKey/SecretKey, token, and AppKey for identity verification, parameter signing, and replay‑attack prevention through timestamp‑nonce mechanisms, and provides step‑by‑step client and server implementation examples.

API Security · AccessKey · Replay attack
7 min read
21CTO
Jul 22, 2020 · Information Security

Why RESTful API Security Matters and How to Protect Your APIs

This article explains the critical importance of securing RESTful APIs—covering data protection, DoS risks, and business impact—and outlines practical measures such as authentication, API keys, access control, rate limiting, and input validation with code examples.

API Security · Authentication · RESTful API
8 min read
Programmer DD
Jun 23, 2020 · Information Security

How to Secure API Calls with Tokens, Timestamps, and Signatures in Spring Boot

This article explains practical methods for protecting API data exchange—including token usage, timestamp validation, signature generation, duplicate‑submission prevention, and ThreadLocal context—provides implementation details with Spring Boot, Redis, and Java code examples, and discusses related security considerations such as DoS attacks.

API Security · Java · Spring Boot
26 min read
Selected Java Interview Questions
Jun 17, 2020 · Information Security

API Security Practices: Tokens, Timestamps, Signatures, and Anti‑Replay Measures with Java Examples

This article explains common API security mechanisms such as token and user token usage, timestamp validation, signature generation, anti‑replay strategies, DoS attack types, and provides Java Spring Boot code examples for token handling, request interception, custom annotations, and ThreadLocal utilities.

API Security · DoS protection · Java Spring
22 min read
Java Captain
May 31, 2020 · Information Security

Common API Security Practices: Token, Timestamp, Signature, and Duplicate Submission Prevention in Java

This article explains practical API security techniques for protecting data exchange with third‑party systems, covering token generation and storage, timestamp validation to mitigate DoS attacks, MD5‑based request signing with nonce, preventing duplicate submissions using Redis, and illustrates the concepts with comprehensive Java code examples.

API Security · Backend Development · Java
23 min read
58 Tech
May 13, 2020 · Information Security

Dynamic Signature Strategies for API Security: Attack and Defense Techniques

This article explores the cat‑and‑mouse battle between crawlers and API endpoints, detailing how dynamic signatures, token‑based authentication, time‑bound hashes, rate‑limiting, and code obfuscation can be used to defend against scraping while also showing how attackers can reverse‑engineer and bypass these defenses.

API Security · anti‑crawling · code obfuscation
12 min read
Programmer DD
Apr 20, 2020 · Information Security

Essential API Security Measures and How to Implement Them

This article outlines key security mechanisms for public APIs—including data encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—and provides practical Java code examples for each technique.

API Security · Authentication · data encryption
11 min read
Senior Brother's Insights
Jan 10, 2020 · Information Security

Essential API Security Measures: Encryption, Signing, Rate Limiting, and More

This guide outlines key API security strategies—including data encryption, digital signatures, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—explaining their purpose, implementation details, code examples, and practical considerations for protecting transaction-related endpoints.

API Security · AppId · Java
10 min read
Programmer DD
Jan 9, 2020 · Information Security

Starbucks API Key Exposed on GitHub Leads to Critical JumpCloud Breach

A developer mistake exposed a Starbucks JumpCloud API key on GitHub, triggering a critical security breach that allowed attackers to access internal systems, manipulate user accounts, and even control AWS resources, ultimately resulting in a $4,000 bounty for the researcher.

API Security · GitHub leak · JumpCloud
4 min read
21CTO
Sep 2, 2018 · Information Security

How API Gateways Strengthen API Security: Benefits, Risks, and Best Practices

This article explores the critical role of API gateways in securing APIs, covering their advantages, drawbacks, common threats, authentication methods, communication safeguards, logging practices, and a shortlist of popular open‑source gateway solutions.

API Security · Authentication · Threat Protection
10 min read
Programmer DD
Jun 10, 2018 · Information Security

How to Secure API Calls with End-to-End Encryption in Spring Boot and JavaScript

This guide explains practical methods to protect API data, covering HTTPS, request signing, SSL pinning, symmetric and asymmetric encryption, a Spring Boot starter for automatic request/response encryption, and JavaScript/Axios interceptors for client‑side encryption and decryption.

AES encryption · API Security · HTTPS
11 min read
Senior Brother's Insights
Jun 8, 2018 · Information Security

Secure API Calls with Spring Boot Starter Encrypt and JavaScript AES

This article explains how to protect data exchanged between front‑end and back‑end services by using HTTPS, request signing, SSL pinning, and a Spring Boot starter that transparently encrypts/decrypts all API traffic with AES, complemented by JavaScript AES utilities and Axios interceptors for front‑end encryption.

AES encryption · API Security · Blockchain
11 min read
Java Backend Technology
Jun 7, 2018 · Information Security

How to Secure API Calls with End-to-End Encryption Using Spring Boot

This article explains why API security is crucial in front‑end/back‑end separated systems and provides practical measures—including HTTPS, request signing, SSL pinning, and full request/response AES encryption—along with a Spring Boot starter and JavaScript Axios interceptor to protect data in transit.

AES · API Security · RSA
8 min read
Java Captain
Oct 27, 2017 · Information Security

Practical Tips for Securing and Optimizing Java APIs

This article presents a collection of straightforward, developer‑friendly techniques for enhancing Java API security and performance, covering API key protection, TLS adoption, Spring Boot web service creation, application monitoring, and safeguarding sensitive configuration files.

API Security · Performance Monitoring · TLS
8 min read
Programmer DD
Aug 9, 2017 · Information Security

Secure Spring Boot APIs with OAuth2: A Hands‑On Tutorial

This article walks through building a Spring Boot application that protects HTTP endpoints using OAuth2, covering password and client‑credentials flows, Maven setup, resource and authorization server configuration, in‑memory users, token retrieval, and accessing secured resources with detailed code examples.

API Security · Client Credentials · Java
13 min read