Using HTTPS or encrypt response myself

67 views Asked by At

Currently, My site is facing many bad requests, and i want to encrypt the response in order to reduce those bad requests. My first idea is that let client side invokes my site's api with their unique signature which is allocated by me,

e.g. http://www.my_api/?query=aa&sign=unique_string.

And then i verify the signature, if it's valid, i encrypt the response with the signature by some encryption algorithm. Then let client side decrypt the response by its signature.

I wonder whether it is a common way?

And i've also heard about HTTPS. Can HTTPS solve my problem? If so, which is better, or please share your idea.

1

There are 1 answers

0
Rupali K On

You should go for HTTPS. Using HTTPS provides authentication mechanism which helps to get rid of MITM attacks. It protects you from Information Disclosure and Tampering of the data as it encrypts the communication between the client and the server (and vice versa).