2016 | 5 | 3 | 358-369

Article title

REST API SAFETY ASSURANCE BY MEANS OF HMAC MECHANISM

Languages of publication

EN

Abstracts

EN
This article presents the HMAC mechanism, which enables authentication of REST services and assures their integrity, non-repudiation and confidentiality. A demonstration RESTful API has been implemented using Slim Framework, in which several endpoints have been defined, for login and for a test route available only to registered users and authenticated by means of the HMAC mechanism. The proposed solution is an alternative that is easy to implement compared with other well-known methods of authentication and authorization.

Year

Volume

5

Issue

3

Pages

358-369

Dates

published
2016

Contributors

  • Department of Automatic Control and Information Technology, Cracow University of Technology (PK)

References

  • Webber J., Parastatidis S., Robinson I. (2010) REST in Practice: Hypermedia and Systems Architecture, O'Reilly Media, 1 edition.
  • Mehta B. (2014) RESTful Java Patterns and Best Practices, Packt Publishing.
  • Richardson L., Amundsen M., Ruby S. (2013) RESTful Web APIs, O'Reilly Media.
  • Fielding R.T. (2000) Architectural Styles and the Design of Network-based Software Architectures, Chapter 5, Dissertation, University Of California, Irvine.
  • JSON, (online) homepage: http://json.org/ (date of access: 2016-02-05)
  • XML, (online) homepage: http://www.w3.org/XML/ (date of access: 2016-02-05)
  • Slim Framework, a micro framework for PHP (online) homepage: http://www.slim-framework.com/ (date of access: 2016-02-05)
  • Slim Framework, Middleware-Overview (online) homepage: http://docs.slim-framework.com/#Middleware-Overview (date of access: 2016-02-05)
  • hash_hmac(), (online) homepage: http://php.net/manual/en/function.hash-hmac.php (date of access: 2016-02-05)
  • Krawczyk H., Bellare M., and Canetti R. (1997) HMAC: Keyed-Hashing for Message Authentication, Internet Engineering Task Force, Request for Comments (RFC) 2104.
  • National Institute of Standards and Technology (2008) Secure Hash Standards (SHS), Federal Information Processing Standards Publication 180-3.
  • NIST Special Publication (SP) 800-57 (2007) Recommendation for Key Management – Part 1: General (Revised).
  • NIST Special Publication (SP) 800-107 (2009) Recommendation for Applications Using Approved Hash Algorithms.
  • Hash-based Message Authentication Code (HMAC) definition, (online) homepage: http://searchsecurity.techtarget.com/definition/Hash-based-Message-Authentication-Code-HMAC (date of access: 2016-02-05)
  • Using HMAC to authenticate Web service requests, (online) homepage: http://rc3.org/2011/12/02/using-hmac-to-authenticate-web-service-requests/ (date of access: 2016-02-05)

Identifiers

ISSN
2084-5537

YADDA identifier

bwmeta1.element.desklight-0fe6306e-e1e8-4dab-973c-941b092fa8af