Webservice - How to implement an anti phishing key in a service that accept a callback

283 views Asked by At

I need to implement a web service that will receive a callback.

In my web application I will need to implement something like this:

http://mywebsite.com/callback?key=[an_anti_phishing_key]&otherparam1=[something1]&otherparam2=[something2]

A detailed explanation. There will be a 3rd party service that will request this URL with this parameters. And this service need that I implement an "anti phishing key" so that they can communicate securely with mywebsite.com

My doubt here is how to implement this anti phishing key in a secure manner.

Any ideas of possible implementations?

1

There are 1 answers

0
Pradeep Pati On

If you do a GET request as a client to the server over HTTP, it is susceptible to a Man-in-the-middle attack. What you can do is to allow only POST requests over HTTPS. That would be more secure than the former.