Link to home
Start Free TrialLog in
Avatar of curiouswebster
curiouswebsterFlag for United States of America

asked on

How to protect your own Web Service call?

I need to call a Web Method on an API I am using, and will locate this call to the API, on the server side, so that the API keys can be hidden. But, I still need to make A call from the client, and could make a wrapper function which implements my own security, then calls to the API securely.

Since I will have control of both ends of my call, the Javascript client and my wrapper Web Method, what are my options?

I will not have the ability to lock down access to my HTML page, since my HTML/Javascript will be part of a larger page.

Thoughts?
Avatar of Bembi
Bembi
Flag of Germany image

Hello,
I mean it is a common construction to work with a middle tier, imagine all databases applications will do that. The end user coomunicates to a web service and the webservice controls access to lower shells. The only point you have to take into account is, where the middel tier is executed, as java is (usually) a client executed language while others like php or aspx or executed on the server.  So you have to make sure that your java codes (at leas the middle tier) runs on the server to be invisible by the client. 
ASKER CERTIFIED SOLUTION
Avatar of David Favor
David Favor
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of curiouswebster

ASKER

I guess that is the heart of the question, HTTPS.

So long as I have the SSL certificate for that domain where my webpage is hosted, HTTPS will encrypt the conversation, and not need credentials or keys, because no other webpage can make that call to my webservice. This is why no keys or password are needed for a webservice I host at my domain, the same domain as where the HTML/JS file is hosted.

True?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial