REST API CURL - NOT SSL Encrypted - Security?
I am hosting a script on my site, it will call the site from the domain name, using Curl and REST API, I can't get the REST API working with the SSL Cert, I am not sure why. But if I don't use the SSL and just send it unencrypted, does that mean someone on another pc somewhere can intercept my calls? Or would they need access to my sever to be able to "listen in"? Basically I want to know how risky it is (will i get hacked) if I don't encrypted the calls?
If you are not using TLS while making calls to the REST API upstream, all the requests and responses will be sent as plaintext. Since, you are making the calls upstream, whoever is present in the network path upstream, will be able to intercept your traffic. That typically means your site (or VPS) host, the ISP they use and whomever present in the logical network path up until the server hosting the service. If they are malicious they can tamper the data or log confidential information you send or receive. does that mean someone on another pc somewhere can intercept my calls? No, it is not like anyone on the internet can intercept your data. It is only the devices through which your packets are getting routed through will have the powers to intercept them. Or would they need access to my sever to be able to "listen in"? No, they do not need access to your server to do that. They can passively intercept the incoming and outgoing data. Summary It is always risky when you do not make use of TLS. But, you must already trust your host and the ISP they use, to have signed up with them. Although the attack surface is reduced in your case, it is not zero. So, I would highly recommend going with the TLS version of the API. Better safe than to be sorry.
Drupal 8 REST View Taxonomy path
Java REST threads are in RUNNABLE state forever in wildfly 10.0
RAML definition reusable sub-route
Connect Listener using REST?
How to implement oauth2 in angular2 with rest api?
Magento 1.9x Rest Api how to create action url for customer,category,cart details etc?
Suitescript 2.0 setting coupons and partner codes
Handle Timeout in Batch Processing API
Use credit card token rest api paypal
ServiceAccout has empty calendarList after sharing a calendar has been shaired with it
Retrieve only specific properties with REST GET API
Appropriate use of 404 response
How to make an api call anonymously with Sylius-standard?
I want to list all the subfolder inside a container using azure storage api
Is it useful to use CSRF token protection for Symfony 3 API REST and Angular webapp with JWT?
How to add http headers to Apache Jena QueryEngineHTTP query?