REST API CURL - NOT SSL Encrypted - Security?
I am hosting a script on my site, it will call the site from the domain name, using Curl and REST API, I can't get the REST API working with the SSL Cert, I am not sure why. But if I don't use the SSL and just send it unencrypted, does that mean someone on another pc somewhere can intercept my calls? Or would they need access to my sever to be able to "listen in"? Basically I want to know how risky it is (will i get hacked) if I don't encrypted the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext. Since, you are making the calls upstream, whoever is present in the network path upstream, will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whomever present in the logical network path up until the server hosting the service. If they are malicious they can tamper the data or log confidential information you send or receive. does that mean someone on another pc somewhere can intercept my calls? No, it is not like anyone on the internet can intercept your data. It is only the devices through which your packets are getting routed through will have the powers to intercept them. Or would they need access to my sever to be able to "listen in"? No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data. Summary It is always risky when you do not make use of TLS. But, you must already trust your host and the ISP they use, to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API. Better safe than to be sorry.
spring boot integration test rest
WSO2 BAM: howto send log event via REST endpoint
No more Global.asax, but OWIN Startup.cs
Should a wrong parameter passed via REST call throw an error?
SAP BO Rest service call doesn't return opendocument url
Symfony 3 rest API query string
Magento 2 Rest api to create order not adding shipping address
RAML API baseUriParameters unused template parameter error
How to extend the Expiry of a Document DB REST API Resource Token
Search string formatting in Elouqa API
How to serialise and deserialise java8 optional using jackson and rest webservice
Sending Microsoft Graph request events returns 400
How can I pass an argument containing a period in the path for the Drupal module Services?
Eloqua bulk REST API gives serialization error
REST url proper format
Restfull API with only PATCH requests instead of PUT for better extensibility?