API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.
When to use this recipe
Protect your API from tampering and replay attacks. HMAC signing ensures requests haven't been modified, while SRI protects client-side resources from CDN compromises.
Steps
Secret Generator
Try this tool → Create a secure API key
HMAC Generator
Try this tool → Sign API requests with HMAC
SRI Hash Generator
Try this tool → Ensure client-side script integrity
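The three steps above, sketched end to end as an added example (not code from this site's tools). The header names, the canonical string layout, the 300-second window and the nonce cache are assumptions chosen for illustration; the timestamp and nonce are what make a signed request non-replayable.

```python
import base64, hashlib, hmac, secrets, time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

def new_secret() -> str:
    """Step 1: 256-bit API secret from the OS CSPRNG."""
    return secrets.token_urlsafe(32)

def canonical(method, path, body, ts, nonce) -> bytes:
    # Hash the body so the signed string has a fixed layout (assumed format).
    digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(ts), nonce, digest]).encode()

def _mac(secret, method, path, body, ts, nonce) -> str:
    msg = canonical(method, path, body, ts, nonce)
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()

def sign(secret, method, path, body, ts=None, nonce=None) -> dict:
    """Step 2: headers the client attaches (X-* names are hypothetical)."""
    ts = int(time.time()) if ts is None else ts
    nonce = nonce or secrets.token_hex(16)
    return {"X-Timestamp": str(ts), "X-Nonce": nonce,
            "X-Signature": _mac(secret, method, path, body, ts, nonce)}

def verify(secret, method, path, body, headers, seen, now=None) -> bool:
    """Server side: reject malformed, stale, tampered or replayed requests."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers["X-Timestamp"])
        nonce, sig = headers["X-Nonce"], headers["X-Signature"]
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False
    expected = _mac(secret, method, path, body, ts, nonce)
    # Constant-time comparison on bytes; never use == on signatures.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    # Record the nonce only after the MAC checks out, so unauthenticated
    # traffic cannot fill the cache. Entries older than MAX_SKEW can be evicted.
    if nonce in seen:
        return False
    seen.add(nonce)
    return True

def sri(content: bytes) -> str:
    """Step 3: value for a <script integrity="..."> attribute."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()
```

In production the `seen` set would be a shared store with expiry (for example a cache keyed by nonce with a TTL equal to the window), since an in-process set does not survive restarts or span multiple servers.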
Frequently asked questions
What's the difference between HMAC and JWT for API auth?
HMAC signs individual requests (stateless per-request verification). JWT provides session-based identity. Many secure APIs use both: JWT for identity + HMAC for request integrity.
Is SRI necessary if I host my own scripts?
SRI is most valuable for third-party CDN scripts. For self-hosted scripts, it adds protection against server compromises but is less critical.
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
SSL Certificate Verification
Decode and verify SSL certificates, check expiration, and generate secure RSA keys for renewal.