Topic by Hanna Abi Akl
Hello dears,
We are currently creating REST APIs with the Connect PHP model. We rely on these heavily to read/create objects and query important information.
However, since these pages are published, anyone with the URL is able to access the information they return.
My question is: is there a way to secure these pages? Is there a best practices document/thread/guideline recommended by Oracle when it comes to securing custom REST APIs?
Currently the security method we are adopting is posting username/password credentials from a back-end server to our API page and performing a validation check before querying the info.
Any help with this would be greatly appreciated.
Thanks,
Hanna
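
The validation step described in the post (a back-end server posts a username and password, and the page checks them before querying) could be written as below. This is an added example, not code from the original post or from Oracle. The function name `authorize_request`, the field names `username`/`password`, and all sample values are assumptions, and the Connect PHP query itself is not shown.

```php
<?php
// Added example; authorize_request() and the sample values are hypothetical.

function authorize_request(array $server, array $post, string $expectedUser, string $expectedHash): int
{
    // Credentials belong in a POST body, never in the URL (URLs end up in logs).
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    // Refuse plain HTTP so the credentials are not sent in clear text.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        return 403;
    }
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    // Reject missing fields and array-typed fields such as username[]=x.
    if (!is_string($user) || !is_string($pass)) {
        return 401;
    }
    // Run both checks before deciding, so timing does not show which one failed.
    $userOk = hash_equals($expectedUser, $user);
    $passOk = password_verify($pass, $expectedHash);
    return ($userOk && $passOk) ? 200 : 401;
}

// Constructed sample data so the script runs offline: php example.php
$hash = password_hash('s3rvice-secret', PASSWORD_DEFAULT); // store only the hash
$good = ['username' => 'backend-service', 'password' => 's3rvice-secret'];
$samples = [
    'GET with credentials' => [['REQUEST_METHOD' => 'GET', 'HTTPS' => 'on'], $good],
    'POST over plain HTTP' => [['REQUEST_METHOD' => 'POST'], $good],
    'array-typed username' => [['REQUEST_METHOD' => 'POST', 'HTTPS' => 'on'], ['username' => ['x'], 'password' => 'y']],
    'wrong password'       => [['REQUEST_METHOD' => 'POST', 'HTTPS' => 'on'], ['username' => 'backend-service', 'password' => 'guess']],
    'valid back-end call'  => [['REQUEST_METHOD' => 'POST', 'HTTPS' => 'on'], $good],
];
foreach ($samples as $label => [$server, $post]) {
    printf("%-22s -> %d\n", $label, authorize_request($server, $post, 'backend-service', $hash));
}
// On the real page: call authorize_request($_SERVER, $_POST, ...), send the status with
// http_response_code(), and exit before any query runs unless the result is 200.
```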