135
rated 0 times [  137] [ 2]  / answers: 1 / hits: 10257  / 9 Years ago, tue, may 12, 2015, 12:00:00

There are a lot of resources about how to secure REST API access, but this is not what I am looking for. I am going to use a provided REST API with Basic Authentication (and this cannot be changed easily :( ).



Obviously I can go with:



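var http = require('http');

var requestOptions = {
    hostname: 'rest.api.url.com',
    path: '/path/',
    auth: 'username:password' // Basic Auth credentials in plain text
};

var req = http.request(requestOptions, function (res) {
    // some code here
});
req.end(); // send the request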


Is there a way to not provide password in plain text in the script?



 Answers
4

Is there a way to not provide password in plain text in the [JavaScript]?



Client-side JavaScript will always be vulnerable to tampering and modification, including reversing any "encrypted" passwords you store in the client-side script. You can obfuscate your code all you like, but if the password is present in any form in your client script, it is accessible.



I am going to use a provided REST API with Basic Authentication (and this cannot be changed easily)



Since you can't change the REST API to use something like tokens or SSL, one solution that comes to mind is to have an intermediary between your server and the REST API which does use SSL. Communicate securely with some server-side script on your server, and have this script proxy the requests and responses from the REST API.


Resources:



[#37229] Sunday, May 10, 2015, 9 Years  [reply] [flag answer]
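The server-side proxy suggested in the answer above, as an added example (not code from the original post or the answer's author): the browser calls this Node.js script, and only the script knows the Basic Authentication credentials. The environment variable names (API_HOST, API_USER, API_PASS, PROXY_PORT) and the function names are assumptions made for illustration; the host and path are the ones from the question.

```javascript
'use strict';
const http = require('http');

// Hypothetical variable names: the credentials live in the server's environment,
// outside source control and outside anything sent to the browser.
function loadConfig(env) {
  for (const key of ['API_HOST', 'API_USER', 'API_PASS']) {
    if (!env[key]) throw new Error('missing environment variable ' + key);
  }
  return { hostname: env.API_HOST, user: env.API_USER, pass: env.API_PASS };
}

// Only GET requests under this prefix are forwarded (the path from the question).
const ALLOWED_PREFIX = '/path/';

// Build the upstream request options, or return null if the request must not be forwarded.
function buildUpstreamOptions(method, url, clientHeaders, cfg) {
  if (method !== 'GET' || !url.startsWith(ALLOWED_PREFIX) || url.includes('..')) return null;
  // Client headers are not copied wholesale: an Authorization header sent by the
  // browser is ignored, and the stored credential is attached here instead.
  const basic = Buffer.from(cfg.user + ':' + cfg.pass).toString('base64');
  return { hostname: cfg.hostname, path: url, method: method,
           headers: { accept: clientHeaders.accept || 'application/json', authorization: 'Basic ' + basic } };
}

function createProxy(cfg) {
  return http.createServer((clientReq, clientRes) => {
    const options = buildUpstreamOptions(clientReq.method, clientReq.url, clientReq.headers, cfg);
    if (!options) {
      clientRes.writeHead(403);
      clientRes.end();
      return;
    }
    const upstream = http.request(options, (apiRes) => {
      // Relay status, content type and body only; other upstream headers stay server-side.
      clientRes.writeHead(apiRes.statusCode, { 'content-type': apiRes.headers['content-type'] || 'text/plain' });
      apiRes.pipe(clientRes);
    });
    upstream.on('error', () => { if (!clientRes.headersSent) clientRes.writeHead(502); clientRes.end(); });
    upstream.end();
  });
}

// Starts listening only when PROXY_PORT is set, bound to localhost behind a TLS front end.
if (process.env.PROXY_PORT) {
  createProxy(loadConfig(process.env)).listen(Number(process.env.PROXY_PORT), '127.0.0.1');
}
```

The proxy still needs its own check of who is calling it (for example the site's login session), because anyone who can reach it gets the API access the stored credentials grant.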
dequant