API security question: SSL or more?
I am developing an API for a web application. Desktop clients will interact with the API using simple HTTP POST (REST). I am using SSL, there is no question about it. My question is: should I encrypt the data before sending it over SSL? The information being sent may be confidential. Is SSL sufficient, or should I do more? My only concern with adding additional layers of security is that it would make it much harder for people to interact with the API. Any ideas about this will be highly appreciated.
No, SSL provides robust encryption as it is. Just make sure that you force the customers to use HTTPS, and if you've actually gone crazy, check that the cipher is strong enough.
The only reason you would want to encrypt a second time is if your web application sends the data directly on to some other system. In that case, you can keep the web application unaware of the data and provide end-to-end encryption between the client and the final destination.
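As an added example (not part of the original answer), here is one way a desktop client could enforce the two checks mentioned above: refuse non-HTTPS endpoints and audit the cipher suites it is willing to negotiate. The function names and the sample cipher entries are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample entries in the shape returned by SSLContext.get_ciphers().
SAMPLE_LEGACY = [
    {"name": "DES-CBC3-SHA", "strength_bits": 112, "aead": False},
    {"name": "AES128-SHA", "strength_bits": 128, "aead": False},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128, "aead": True},
]

def require_https(url):
    """Reject any API endpoint that is not HTTPS before a request is built."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing non-HTTPS API endpoint: %r" % url)
    return url

def hardened_context():
    """Client context: certificate and hostname checks on, TLS 1.2+, AEAD suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # restricts the TLS 1.2 suites
    return ctx

def weak_ciphers(ciphers, min_bits=128):
    """Names of suites that are below min_bits or are not AEAD."""
    return [c["name"] for c in ciphers
            if c.get("strength_bits", 0) < min_bits or not c.get("aead", False)]

def negotiated_params(host, port=443, timeout=5.0):
    """Connect to host and return the (protocol version, cipher name) agreed."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    # Audit the constructed legacy list, then the suites this client offers.
    print(weak_ciphers(SAMPLE_LEGACY))
    print(weak_ciphers(hardened_context().get_ciphers()))
```

`negotiated_params` needs network access and reports what a given server actually agreed to, which is the value to compare against your own policy.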