REST API SAFETY ASSURANCE BY MEANS OF HMAC MECHANISM
This article presents the HMAC mechanism as a means of authenticating REST services and assuring their integrity, non-repudiation and confidentiality. A demonstration RESTful API has been implemented using the Slim Framework, with several endpoints assigned: a login endpoint and a test route that is available only to registered users and is authenticated by means of the HMAC mechanism. The solution proposed here offers an alternative that is easier to implement than other well-known methods of authentication and authorization.
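The request-signing and verification flow the abstract describes, written out as an added Python example (this is not the article's Slim/PHP code): the client signs the HTTP method, path, timestamp, a per-request nonce and a hash of the body with a shared secret; the server, playing the role the paper's middleware plays, recomputes the HMAC, compares it in constant time and rejects stale or replayed requests. The header names, the in-memory key store, the signed-string layout and the clock-skew window are assumptions of this example, not details taken from the article.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credential store for the example: key id -> shared secret.
# A real deployment would load this from the registered-user database.
API_KEYS = {"demo-key-1": b"constructed-shared-secret-do-not-reuse"}

# Requests whose timestamp is further than this from server time are rejected,
# which bounds how long a captured signature remains usable (assumed window).
CLOCK_SKEW_SECONDS = 300


def canonical_string(method, path, timestamp, nonce, body):
    """Build the string that gets signed. It binds method, path, client
    timestamp, nonce and a body digest, so altering any of them breaks the MAC."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash])


def compute_signature(secret, canonical):
    """HMAC-SHA256 over the canonical string, hex encoded."""
    return hmac.new(secret, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_request(key_id, secret, method, path, body, timestamp=None, nonce=None):
    """Client side: produce the authentication headers for one request.
    Header names (X-Api-Key, X-Timestamp, X-Nonce, X-Signature) are assumed."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    signature = compute_signature(
        secret, canonical_string(method, path, timestamp, nonce, body))
    return {
        "X-Api-Key": key_id,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": signature,
    }


def verify_request(headers, method, path, body, seen_nonces, now=None):
    """Server side: the check a protected route runs before serving.
    Returns (accepted, reason) so callers can log why a request was refused."""
    now = int(time.time()) if now is None else now
    secret = API_KEYS.get(headers.get("X-Api-Key"))
    if secret is None:
        return False, "unknown key id"
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "malformed timestamp"
    if abs(now - timestamp) > CLOCK_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    nonce = headers.get("X-Nonce", "")
    if not nonce or nonce in seen_nonces:
        return False, "missing or replayed nonce"
    expected = compute_signature(
        secret, canonical_string(method, path, timestamp, nonce, body))
    # Constant-time comparison: a plain == would let response timing reveal
    # how many leading bytes of a guessed signature were correct.
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature"
    seen_nonces.add(nonce)  # remember the nonce only after a successful check
    return True, "ok"


if __name__ == "__main__":
    seen = set()
    hdrs = sign_request("demo-key-1", API_KEYS["demo-key-1"], "GET", "/test", b"")
    print(verify_request(hdrs, "GET", "/test", b"", seen))  # (True, 'ok')
    print(verify_request(hdrs, "GET", "/test", b"", seen))  # replay is refused
```

The timestamp window and nonce set are what turn a bare HMAC check into a usable request authenticator: without them a signature captured in transit stays valid forever, even though the secret itself is never exposed. The nonce set is a plain in-memory set here; a multi-process server would keep it in shared storage and expire entries older than the skew window.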