Tagged articles
9 articles
Python Programming Learning Circle
Nov 1, 2024 · Backend Development

Designing a Python SDK for Cloud TTS Services: Critique and Refactoring of Volcengine's SDK

This article examines the shortcomings of Volcengine's Python TTS SDK, proposes a cleaner design using request interceptors or Auth objects, demonstrates refactored code examples with the Tetos library, and explains how to integrate signing logic into standard HTTP clients for more maintainable backend development.

Backend · HTTP · Python
0 likes · 10 min read
Architect
Oct 2, 2024 · Information Security

Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java

The article explains how exposed API endpoints can be intercepted and altered, and presents practical security measures—including HTTPS, encrypted parameters, timestamp‑based signatures, and a Spring Boot filter implementation—to detect and block tampering and replay attacks in a Java backend.

API Security · Java · Parameter encryption
0 likes · 8 min read
macrozheng
May 13, 2024 · Information Security

How to Secure APIs: Prevent Tampering and Replay Attacks with Spring Boot

This article explains why publicly exposed APIs are vulnerable to tampering and replay attacks, outlines anti‑tampering and anti‑replay strategies such as HTTPS, request signing, timestamp and nonce mechanisms, and provides a complete Spring Boot implementation with Redis support.

API Security · Anti-replay · Java
0 likes · 15 min read
Full-Stack Internet Architecture
Apr 25, 2021 · Backend Development

Designing Duplicate Request Filtering: Challenges, Solutions, and Best Practices

The article examines why duplicate request filtering is a complex backend problem, explores various causes, discusses client‑side and server‑side strategies such as request IDs, Redis checks, distributed locks, and request signing, and highlights practical pitfalls and security considerations.

Idempotency · duplicate request · request signing
0 likes · 9 min read
21CTO
Feb 25, 2021 · Information Security

How to Secure Mobile API Calls with Token and Signature Design

This article explains how to secure mobile app open APIs by enforcing HTTPS, designing request signatures with timestamps and tokens, validating them on the server, and managing token‑UID relationships using Redis, complete with Java code examples for parameter extraction and signature generation.

API Security · Backend Development · HTTPS
0 likes · 7 min read
Architecture Digest
Jan 26, 2021 · Information Security

API Request Signature Implementation and Best Practices

This article explains how to protect the APIs of an application with separated front end and back end using a request signature scheme, detailing the required parameters, signature generation algorithm, Java filter implementation, anti‑leech timing checks, nonce usage, and duplicate‑submission prevention with Redis.

API Security · Backend Development · Java
0 likes · 6 min read
System Architect Go
Dec 29, 2017 · Information Security

Mitigating SMS API Abuse with Captcha, Signatures, and Third‑Party Verification

After suffering significant losses from malicious bulk requests to a registration‑focused SMS API, the author explains why simple phone‑number or IP restrictions are ineffective and proposes stronger defenses such as server‑validated captchas, request signatures, and integration with third‑party verification services like Geetest.

Captcha · Geetest · SMS API
0 likes · 3 min read