A technical analysis of Meltdown, which allows rogue processes to read all memory. This deep dive assumes some familiarity with CPU architecture and OS kernels.
Master debugging an unresponsive Elasticsearch cluster with our simple tutorial guide. Try this efficient solution for buggy or unstable Elasticsearch setups.
Build a REST API using AWS Gateway and Python with our easy tutorial. Build secure and robust APIs that developers will love to build applications for.
With AWS Gateway, you can create RESTful APIs that expose your data and business to developers, who can then build great applications that consume your API.
Do you know what framework best fits your RESTful API needs? Check out our useful pros and cons list of popular frameworks and build a better API product.
Do you know which PHP framework is best for your REST API needs? Then, check out our pros and cons of the top five PHP REST API frameworks and build a better API product.
When working with user data, both data compliance and data privacy are important. Read more about the differences between data compliance and data privacy.
API providers want as many developers as possible to adopt and use their APIs. But what metrics matter most to the developer journey? The answer is in the data.
While highly scalable, Elasticsearch is complex to set up. Read on for a cheat sheet for common integration issues, what they mean, and how to solve them.
Pay As You Go (PAYG) is a relatively new SaaS pricing model that drives growth and revenue. Learn what pricing model fits your API product and best practices.
API monetization is a great way to recoup your investment into your API programs. This guide discusses different API billing models and usage-based pricing.
How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API Security Monitoring — Accurately identify API security vulnerabilities.
Comments
Apr 17, 2020 · Lawrence Ebringer
Thanks Mukesh!
Apr 17, 2020 · Lawrence Ebringer
Thanks Tugce!
Feb 20, 2020 · Lawrence Ebringer
Jun 14, 2017 · Derric Gilling
Yes, you can install it at: https://chrome.google.com/webstore/detail/apirequestio-ajax-capture/aeojbjinmmhjenohjehcidmappiodhjm
Feb 19, 2017 · Derric Gilling
Can the API be called by browser web apps via AJAX, or only native devices?
If you call your API via cross origin AJAX requests, you can easily check the Origin Request Header if it matches your domain as part of CORS and ensure you set the appropriate Access-Control-Allow-Origin header, which is what we do at Moesif.
https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/
This is also helpful:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
I didn't fully understand this question "Is there need to exclude those endpoints from CSRF protection even those REST endpoints are called from JavaScript?"
What are you thinking of as a reason to exclude REST endpoints from CSRF?