REST API CURL - NOT SSL Encrypted - Security?


I am hosting a script on my site; it will call the site from the domain name, using Curl and REST API.
I can't get the REST API working with the SSL Cert, I am not sure why.
But if I don't use the SSL and just send it unencrypted, does that mean someone on another PC somewhere can intercept my calls? Or would they need access to my server to be able to "listen in"?
Basically I want to know how risky it is (will I get hacked) if I don't encrypt the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext.
Since you are making the calls upstream, whoever is present in the network path upstream will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whoever is present in the logical network path up until the server hosting the service. If they are malicious, they can tamper with the data or log confidential information you send or receive.
does that mean someone on another pc somewhere can intercept my calls?
No, it is not like anyone on the internet can intercept your data. Only the devices through which your packets are routed will have the power to intercept them.
Or would they need access to my server to be able to "listen in"?
No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data.
Summary
It is always risky when you do not make use of TLS. But you must already trust your host and the ISP they use to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API.
Better safe than sorry.
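
An added example, not part of the original question or answer: a loopback demonstration of the answer's point that a device on the network path can read a plaintext REST call without any access to the client or the server. The API handler, the forwarding hop, the `/account` path and the token are all constructed for this demo.

```python
import http.server
import socket
import threading
import urllib.request

TOKEN = "Bearer constructed-demo-token"  # constructed sample credential

class DemoApi(http.server.BaseHTTPRequestHandler):
    """Hypothetical REST endpoint served over plain HTTP."""
    def do_GET(self):
        body = b'{"balance": 42}'
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def on_path_hop(listener, upstream_port, seen):
    """Stands in for a router between client and API: forwards one
    connection unchanged and records every byte that crosses it."""
    client, _ = listener.accept()
    with client, socket.create_connection(("127.0.0.1", upstream_port)) as upstream:
        request = client.recv(65536)
        seen.append(request)
        upstream.sendall(request)
        while chunk := upstream.recv(65536):
            seen.append(chunk)
            client.sendall(chunk)

def observe_plaintext_call():
    """Make one http:// call through the hop; return (reply, bytes the hop saw)."""
    api = http.server.HTTPServer(("127.0.0.1", 0), DemoApi)
    threading.Thread(target=api.handle_request, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    seen = []
    hop = threading.Thread(target=on_path_hop, args=(listener, api.server_port, seen), daemon=True)
    hop.start()
    url = f"http://127.0.0.1:{listener.getsockname()[1]}/account"
    request = urllib.request.Request(url, headers={"Authorization": TOKEN})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    reply = opener.open(request, timeout=5).read()
    hop.join(5)
    listener.close()
    api.server_close()
    return reply, b"".join(seen)

if __name__ == "__main__":
    reply, seen = observe_plaintext_call()
    print("client got:", reply)
    print("hop recorded credential:", TOKEN.encode() in seen)
```

Over `https://` with certificate verification left on, the same hop would record only the TLS handshake and ciphertext, not the header or the JSON body.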
