REST API CURL - NOT SSL Encrypted - Security?
I am hosting a script on my site, it will call the site from the domain name, using Curl and REST API, I can't get the REST API working with the SSL Cert, I am not sure why. But if I don't use the SSL and just send it unencrypted, does that mean someone on another pc somewhere can intercept my calls? Or would they need access to my sever to be able to "listen in"? Basically I want to know how risky it is (will i get hacked) if I don't encrypted the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext. Since, you are making the calls upstream, whoever is present in the network path upstream, will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whomever present in the logical network path up until the server hosting the service. If they are malicious they can tamper the data or log confidential information you send or receive. does that mean someone on another pc somewhere can intercept my calls? No, it is not like anyone on the internet can intercept your data. It is only the devices through which your packets are getting routed through will have the powers to intercept them. Or would they need access to my sever to be able to "listen in"? No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data. Summary It is always risky when you do not make use of TLS. But, you must already trust your host and the ISP they use, to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API. Better safe than to be sorry.
Traverse all outgoing relationships in neo4j rest api
OpenRasta accessing sub elements
how can i connect my blackberry app to my website rest API?
Is there a way to enforce request origination with REST services
REST: how to tell server to do some background process
Why use JAX-RS / Jersey?
RESTful design: using ETag and If-None-Match for fetching new items in a collection?
restful api .. session security
Scalability of Rest-based web services
Proper HTTP response for unsupported page format (e.g. xml)?
How to specify additional action for rest URI
POST to create a resource vs creating a new path element in REST
Implementing Rest Easy with Tomcat
Contextual GWT Gadget and RPC Servlet on Google App Engine
Is there a way to use pure RESTful API to access DropBox rather than using its SDK?
JAX-RS and unknown query parameters