Popular posts

CommentHow to design better APIs

CM

Christos Matskas

Mar 11, 2022

API keys can be easily stolen and distributed. You should use OAuth2 for securing access to your api endpoints
expanding objects can lead to security issues. Attackers can run queries that take up significant system resources. Such a query can disrupt your service. Attackers can access sensitive information from a clever join.

Otherwise, nice blog post

RB

Ronald Blüthl

Entrepreneur and software engineer

Mar 12, 2022

Thank you for your feedback Christos Matskas!

I'm not sure if I agree whether expanding resources can lead to security issues. It's typically a responsibility of the API not to disclose any sensitive information from the database. If you're not transferring database objects directly (which you probably shouldn't), I don't see a big problem.

What do you think?

Search Hashnode