

2016 | 5 | 3 | 358-369
Article title

REST API SAFETY ASSURANCE BY MEANS OF HMAC MECHANISM

Languages of publication
EN
Abstracts
EN
This article presents the HMAC mechanism, which enables authentication of REST services and assures their integrity, non-repudiation and confidentiality. A demonstration RESTful API has been implemented using Slim Framework, in which several endpoints have been defined: login, and a test route that is available only to registered users and is authenticated by means of the HMAC mechanism. The proposed solution offers an alternative that is easy to implement compared with other well-known methods of authentication and authorization.
Year
Volume
5
Issue
3
Pages
358-369
Physical description
Dates
published
2016
Contributors
  • Department of Automatic Control and Information Technology, Cracow University of Technology (PK)
Identifiers
ISSN
2084-5537
YADDA identifier
bwmeta1.element.desklight-0fe6306e-e1e8-4dab-973c-941b092fa8af