As RESTful web services use the HTTP transport protocol for communication, they are equally vulnerable to security risks observed with web applications. Often, the development of RESTful web services is focused on the functional requirements, and the security requirements get overlooked. As a best practice, a RESTful web service must be designed considering the security requirements to ensure that it is made bulletproof from security threats or attacks.

In this chapter, you will learn the different ways of securing RESTful web services from a development standpoint, and you will learn the applicable best practices. The following topics are discussed in this chapter:

• HTTP basic authentication
• HTTP digest authentication
• JWT authentication
• Securing RESTful web services with OAuth
• Authorizing the RESTful web service accesses
• Input validation
• Best practices for securing RESTful services