API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.
When to use this recipe
Protect your API from tampering and replay attacks. HMAC signing ensures requests haven't been modified, while SRI protects client-side resources from CDN compromises.
Steps
HMAC Generator
Try this tool → Sign API requests with HMAC
SRI Hash Generator
Try this tool → Ensure client-side script integrity
Frequently asked questions
What's the difference between HMAC and JWT for API auth?
HMAC signs individual requests (stateless per-request verification). JWT provides session-based identity. Many secure APIs use both: JWT for identity + HMAC for request integrity.
Is SRI necessary if I host my own scripts?
SRI is most valuable for third-party CDN scripts. For self-hosted scripts, it adds protection against server compromises but is less critical.
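The per-request HMAC signing described in the first answer, as an added example that is not code from this page or its tools: the signature covers method, path, body hash, timestamp and nonce, and the server rejects tampered, stale and replayed requests. The canonical string layout, the 300-second window, the in-memory nonce cache and the `/v1/transfers` endpoint are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # assumed policy: seconds a signed request stays valid

def canonical(method, path, body, timestamp, nonce):
    # Bind every field the server acts on; hash the body to keep the string small.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()

def sign(secret, method, path, body, timestamp, nonce):
    msg = canonical(method, path, body, timestamp, nonce)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, secret, max_skew=MAX_SKEW):
        self.secret = secret
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp (assumption: a shared TTL store in production)

    def verify(self, method, path, body, timestamp, nonce, signature, now=None):
        now = time.time() if now is None else now
        expected = sign(self.secret, method, path, body, timestamp, nonce)
        # Constant-time compare first, so unauthenticated input never reaches the cache.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad_signature"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Drop nonces that have aged out; their timestamps would be stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"

def demo():
    # Constructed sample request and secret, for illustration only.
    secret, ts = b"constructed-demo-secret", 1700000000
    v, body, args = Verifier(secret), b'{"amount": 10}', ("POST", "/v1/transfers")
    sig = sign(secret, *args, body, ts, "n-1")
    sig2 = sign(secret, *args, body, ts, "n-2")
    return [
        v.verify(*args, body, ts, "n-1", sig, now=ts + 10),                 # first use
        v.verify(*args, body, ts, "n-1", sig, now=ts + 20),                 # same nonce again
        v.verify(*args, b'{"amount": 9999}', ts, "n-1", sig, now=ts + 20),  # body changed
        v.verify(*args, body, ts, "n-2", sig2, now=ts + 900),               # outside window
    ]
```

The signature alone only detects modification; the replay rejection comes from the signed timestamp and nonce.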
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
SSL Certificate Verification
Decode and verify SSL certificates, check expiration, and generate secure RSA keys for renewal.