Web API Azure .net c# request, visible to others, content of URL

My question is, can someone see your full URL web API, that you developed when a user makes a request with that URL get/post/delete/put ? Can they see in network traffic your Web APIs URL that are being called?
Example of URL: https://webapiserver.azure.com/something/something/Username/password
Can you actually see these content when the request is being made from a user, lets say i am developing an Android application, and inside that application, i make these kind of API request, and i worrying about the security, if an ‘attacker’ can see the content..

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You can focus on these to secure your server connection.

All request URLs are visible to outside.
Never ever send passwords or any sensitive information through URLs.
URL can have insensitive parameters like pageno, sort-order etc..

If you want to authenticate a user, Go for a POST request where
username and password are inside the POST body. This alone won’t
secure you however.

Use

POST: http://yourapp.com/api/authenticate
BODY:
{
   "username": "admin",
   "password": "some_hashed_password"
}

Instead of
GET: http://yourapp.com/api/authenticate?username=admin&password=some_hashed_password

Always use SSL to connect to API

You should always use SSL to secure your API.
SSL encrypts your request and response. Your URL will be still visible but payloads will be encrypted.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x