API Security Best Practices

Securing REST APIs with authentication, rate limiting, input validation, response headers and TLS enforcement.

Authentication Methods

# API Keys (send in a header, never in the query string — URLs end up in logs and referrers)
X-API-Key: abc123xyz789

# Bearer Tokens (JWT — verify signature, expiry and issuer server-side; reject "alg": "none")
Authorization: Bearer eyJhbGci...

# Basic Auth (the value is only base64-encoded, not encrypted — usable over TLS only)
Authorization: Basic dXNlcjpwYXNz

# OAuth 2.0
Authorization: Bearer {token}

Rate Limiting

# Express rate limiter
const rateLimit = require("express-rate-limit");

// One bucket per client: at most 100 requests within any 15-minute window.
// NOTE(review): express-rate-limit keys clients by req.ip by default; behind a
// reverse proxy that is the proxy's own address unless `app.set("trust proxy", …)`
// is configured, so all users would share a single bucket — confirm for this
// deployment. Login/token endpoints usually warrant a separate, tighter limiter.
const limiterOptions = {
    windowMs: 15 * 60 * 1000,
    max: 100,
};
const limiter = rateLimit(limiterOptions);

// Only routes mounted under /api/ are limited.
app.use("/api/", limiter);

Input Validation

# Validate all inputs
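// Per-field validators, applied server-side before a value is used.
//   email: a sanity check (one "@", no whitespace), not full RFC 5322
//          validation; use `schema.email.test(value)`. The pattern is
//          linear in the input, so it is not a ReDoS risk.
//   age:   must be an actual finite number in [0, 120]. The type check
//          matters because `>=`/`<=` coerce: without it null, true and
//          the string "5" all pass, so a JSON body like {"age": null}
//          would be accepted as valid.
const schema = {
    email: /^[^\s@]+@[^\s@]+$/,
    age: (val) =>
        typeof val === "number" &&
        Number.isFinite(val) &&
        val >= 0 &&
        val <= 120,
};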

# Normalize inputs (trim/lowercase is normalization, not sanitization — encode for the output context at the point of use)
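// Canonicalize a string field (e.g. an e-mail address or username). This is
// normalization, not sanitization: HTML/SQL/shell escaping is context-specific
// and belongs at the point of use. Never lowercase passwords or tokens.
// The type guard keeps a non-string field (number, array, missing) from
// throwing TypeError on .trim(); such values normalize to "".
const clean = typeof input === "string" ? input.trim().toLowerCase() : "";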

Security Headers

# Essential headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains

# Express helmet
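const helmet = require("helmet");

// helmet() enables a default bundle of response headers (nosniff, HSTS, a
// frameguard, and others). Two defaults differ from the list above, so they
// are set explicitly: helmet's frameguard defaults to SAMEORIGIN rather than
// DENY, and its HSTS max-age is its own default rather than one year.
app.use(helmet({
    frameguard: { action: "deny" },
    hsts: { maxAge: 31536000 },
}));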

HTTPS Only

# Redirect to HTTPS (a redirect cannot protect the first plaintext request — HSTS above does)
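// Force TLS: plain-HTTP requests are sent to the same path over https://.
// GET/HEAD get a cacheable 301; other methods get 307 so the method and body
// are preserved (a 301 makes browsers replay a POST as a body-less GET).
// A redirect cannot protect the first plaintext request — HSTS does that.
//
// NOTE(review): behind a TLS-terminating proxy req.secure is only true once
// `app.set("trust proxy", …)` is configured; otherwise every request loops
// back here. req.headers.host is client-supplied — where a canonical hostname
// is known, redirect to that instead of echoing the Host header.
app.use((req, res, next) => {
    if (req.secure) {
        return next();
    }
    const isSafeMethod = req.method === "GET" || req.method === "HEAD";
    const target = `https://${req.headers.host}${req.url}`;
    return res.redirect(isSafeMethod ? 301 : 307, target);
});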