JSON/REST over HTTPS + WS Security possible?

701 views Asked by At

We have a new security person at the office doing some penetration tests on the APIs I've put in place.

He pointed out that we are not using WS Security on top of the JSON/REST service we are exposing over HTTPS to the outside world.

My question is, is it really possibly to combine WS Security with JSON/REST services?

To my knowledge, WS Security have nothing to do with JSON/REST service at all.. It is used for regular Web services, embedding extra security elements in the SOAP envelope. But, we are not using SOAP for the APIs...

0

There are 0 answers