SECURE FRAMEWORK FOR INVOKING SERVER-SIDE APIS USING AJAX
First Claim
1. A method for securely invoking a server-side Application Programming Interface (API), the method comprising:
receiving, from a client-side component of a Web application, a request to invoke an API hosted on a server, wherein the request is sent asynchronously by the client-side component using AJAX;
invoking a security handler configured to process the request in a manner that mitigates a plurality of different types of Web application or AJAX security attacks;
invoking the API on the server; and
sending a response comprising output data generated by the API to the client-side component.
Record: 1 assignment, 0 petitions.
Abstract
Techniques for securely invoking a server-side API from client-side Web application code using AJAX. In one set of embodiments, a request to invoke a server-side API is received from a client-side component of a Web application, where the request is sent asynchronously using AJAX. One or more security handlers are then invoked to process the request in a manner that mitigates various security attacks. In one embodiment, a security handler is invoked to defend against a plurality of different types of Web application/AJAX security attacks. In another embodiment, authentication and authorization security handlers are invoked to authenticate a user of the Web application that originated the request and determine whether the user is authorized to call the server-side API. In yet another embodiment, configuration is implemented at the data storage tier to enforce user-access and data security on data that is retrieved/stored as a result of invoking the server-side API.
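The flow the abstract describes (AJAX request, then a chain of security handlers for request checking, authentication and authorization, then the API call and the response) as an added Python illustration; this is not the patent's own code, and the header names, session table, role table and API names are constructed assumptions.

```python
# Added illustration of the flow the claims describe (not the patent's own
# code): each security handler may reject the request before the API runs.
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class Request:
    api: str                    # server-side API the client wants to invoke
    headers: Dict[str, str]
    params: Dict[str, str]
    user: Optional[str] = None  # set by the authentication handler

class SecurityError(Exception): pass

# Constructed sample tables; a deployment would use a real session store
# and authorization policy instead of these literals.
SESSIONS = {"tok-abc": "alice", "tok-xyz": "bob"}
ROLES = {"alice": {"admin", "user"}, "bob": {"user"}}
API_ROLES = {"get_profile": {"user"}, "delete_account": {"admin"}}

def ajax_handler(req: Request) -> Request:
    # Custom headers are only sent by scripted (XMLHttpRequest/fetch) calls,
    # so a plain cross-site form submission cannot pass this check.
    if req.headers.get("X-Requested-With") != "XMLHttpRequest":
        raise SecurityError("not an AJAX request")
    return req

def authentication_handler(req: Request) -> Request:
    req.user = SESSIONS.get(req.headers.get("Authorization", ""))
    if req.user is None:
        raise SecurityError("unauthenticated")
    return req

def authorization_handler(req: Request) -> Request:
    # Check the caller's roles against the specific API requested.
    needed = API_ROLES.get(req.api)
    if needed is None or not (ROLES.get(req.user, set()) & needed):
        raise SecurityError("not authorized for " + req.api)
    return req

APIS = {"get_profile": lambda r: {"user": r.user},
        "delete_account": lambda r: {"deleted": r.params.get("target")}}
HANDLERS = [ajax_handler, authentication_handler, authorization_handler]

def invoke(req: Request) -> dict:
    # Run every handler in order, then the API; return the client response.
    try:
        for handler in HANDLERS:
            req = handler(req)
    except SecurityError as err:
        return {"status": 403, "error": str(err)}
    return {"status": 200, "data": APIS[req.api](req)}
```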
Claims (22 listed; 161 citations)
1. A method for securely invoking a server-side Application Programming Interface (API), the method comprising:
receiving, from a client-side component of a Web application, a request to invoke an API hosted on a server, wherein the request is sent asynchronously by the client-side component using AJAX;
invoking a security handler configured to process the request in a manner that mitigates a plurality of different types of Web application or AJAX security attacks;
invoking the API on the server; and
sending a response comprising output data generated by the API to the client-side component.
Dependent claims: 2 to 16.

17. A server system comprising:
a storage component configured to store code for an Application Programming Interface (API); and
a processing component in communication with the storage component, wherein the processing component is configured to:
receive, from a client-side component of a Web application, a request to invoke the API, wherein the request is sent asynchronously by the client-side component using AJAX;
invoke a security handler configured to process the request in a manner that mitigates a plurality of different types of Web application or AJAX security attacks;
invoke the API; and
send a response comprising output data generated by the API to the client-side component.
Dependent claims: 18 and 19.

20. A machine-readable medium for a computer system, the machine-readable medium having stored thereon program code for securely invoking a server-side Application Programming Interface (API), the program code comprising:
code for receiving, from a client-side component of a Web application, a request to invoke an API hosted on a server, wherein the request is sent asynchronously by the client-side component using AJAX;
code for invoking a security handler configured to process the request in a manner that mitigates a plurality of different types of Web application or AJAX security attacks;
code for invoking the API on the server; and
code for sending a response comprising output data generated by the API to the client-side component.
Dependent claims: 21 and 22.