I need to implement a web service that will receive a callback.
In my web application I will need to implement something like this:
http://mywebsite.com/callback?key=[an_anti_phishing_key]&otherparam1=[something1]&otherparam2=[something2]
A detailed explanation: there will be a 3rd party service that will request this URL with these parameters. This service needs me to implement an "anti phishing key" so that they can communicate securely with mywebsite.com.
My doubt here is how to implement this anti phishing key in a secure manner.
Any ideas of possible implementations?
If you do a GET request as a client to the server over HTTP, it is susceptible to a man-in-the-middle attack. What you can do is to allow only POST requests over HTTPS. That would be more secure than the former.
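One way to implement the callback along the lines of the answer above, added here as an example and not part of the original thread: a standard-library WSGI handler that accepts only POST over HTTPS, reads the key from the request body instead of the URL, and compares it in constant time. The names `CALLBACK_KEY`, `MAX_BODY`, `check_callback` and `make_environ` are hypothetical, and the key is assumed to be a shared secret agreed with the third party out of band.

```python
import hmac
import io
from urllib.parse import parse_qs

# Assumption: shared secret exchanged out of band; this value is constructed.
CALLBACK_KEY = "constructed-sample-key-not-a-real-secret"
MAX_BODY = 4096  # refuse oversized callback bodies


def check_callback(environ):
    """Validate a WSGI request to /callback; return (status, other_params)."""
    # Assumption: TLS ends at this server. Behind a TLS-terminating proxy the
    # scheme has to come from a header set by that trusted proxy instead.
    if environ.get("wsgi.url_scheme") != "https":
        return "403 Forbidden", {}
    # The key travels in the POST body, so it stays out of URLs and access logs.
    if environ.get("REQUEST_METHOD") != "POST":
        return "405 Method Not Allowed", {}
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        return "400 Bad Request", {}
    if length <= 0 or length > MAX_BODY:
        return "400 Bad Request", {}
    body = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    params = {name: values[0] for name, values in parse_qs(body).items()}
    supplied = params.pop("key", "")
    # Constant-time comparison avoids leaking how much of the key matched.
    if not hmac.compare_digest(supplied.encode(), CALLBACK_KEY.encode()):
        return "403 Forbidden", {}
    return "200 OK", params


def app(environ, start_response):
    """WSGI entry point: the status line is the only thing sent back."""
    status, _params = check_callback(environ)
    start_response(status, [("Content-Type", "text/plain")])
    return [status.encode()]


def make_environ(method, scheme, body=b""):
    """Build a constructed WSGI environ for trying the handler offline."""
    return {"REQUEST_METHOD": method, "wsgi.url_scheme": scheme,
            "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
```
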