rest


REST API CURL - NOT SSL Encrypted - Security?


I am hosting a script on my site, it will call the site from the domain name, using Curl and REST API,
I can't get the REST API working with the SSL Cert, I am not sure why.
But if I don't use the SSL and just send it unencrypted, does that mean someone on another pc somewhere can intercept my calls? Or would they need access to my sever to be able to "listen in"?
Basically I want to know how risky it is (will i get hacked) if I don't encrypted the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext.
Since, you are making the calls upstream, whoever is present in the network path upstream, will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whomever present in the logical network path up until the server hosting the service. If they are malicious they can tamper the data or log confidential information you send or receive.
does that mean someone on another pc somewhere can intercept my calls?
No, it is not like anyone on the internet can intercept your data. It is only the devices through which your packets are getting routed through will have the powers to intercept them.
Or would they need access to my sever to be able to "listen in"?
No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data.
Summary
It is always risky when you do not make use of TLS. But, you must already trust your host and the ISP they use, to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API.
Better safe than to be sorry.

Related Links

spring boot integration test rest
WSO2 BAM: howto send log event via REST endpoint
No more Global.asax, but OWIN Startup.cs
Should a wrong parameter passed via REST call throw an error?
SAP BO Rest service call doesn't return opendocument url
Symfony 3 rest API query string
Magento 2 Rest api to create order not adding shipping address
RAML API baseUriParameters unused template parameter error
How to extend the Expiry of a Document DB REST API Resource Token
Search string formatting in Elouqa API
How to serialise and deserialise java8 optional using jackson and rest webservice
Sending Microsoft Graph request events returns 400
How can I pass an argument containing a period in the path for the Drupal module Services?
Eloqua bulk REST API gives serialization error
REST url proper format
Restfull API with only PATCH requests instead of PUT for better extensibility?

Categories

HOME
sas
nuxeo
uibutton
qpython3
actionscript
algorithmic-trading
google-spreadsheet-api
contact-form-7
dropbox
eclipse-cdt
abcpdf
public-key-encryption
cloudflare
bar-chart
ios10.3
tortoisegit
koa
sql-update
onesignal
chrome-native-messaging
dpi
multichoiceitems
cortex-m3
configure
datadog
ivy
ioc-container
piecewise
spreedly
dql
alchemy.js
microdata
constants
intersystems-ensemble
taglib
encapsulation
production-environment
webdatagrid
spell-checking
windows-95
mbaas
pagefile
photography
mercury
addin-express
svn-merge
iostat
mailcatcher
mix
freetype2
django-filer
gradle-eclipse
spatial-query
fill
sourcegear-vault
datasnap
webhdfs
mptcp
base32
gulp-livereload
google-plus-one
chaining
orientation-changes
odftoolkit
suffix-array
java-collections-api
csplit
korma
android-looper
voldemort
hamsterdb
installshield-2011
multiple-conditions
symphony-cms
fieldset
xml-libxml
template-haskell
tridion2009
returnurl
datarepeater
icefaces-3
mpmovieplayer
law-of-demeter
separation-of-concerns
text-size
webkit-transform
for-xml-path
nagle
squeel
getresource
recordset
internals
standardized

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App