Security and Compliance

Requirements that keep OpenREST services safe, compliant, and resilient.

This section covers security requirements intended to protect your API both from unauthorized use and from misuse by authorized clients. It also covers related security topics such as CORS headers and browser security.

Authorization

How to determine whether a user, system, or other principal has the necessary permissions to perform an action or access a resource.

Do not use cookies

Cookies are a bad idea. Don’t use them.

Cross-Origin Resource Sharing

A full implementation of the W3C’s Cross-Origin Resource Sharing (CORS) specification is required.

Rate Limiting

Return a consistent response when a client exceeds their quota.

Security Headers

A variety of headers that can be added to every response to help protect your API from common web security vulnerabilities.

Last modified 2025-11-10: Updated agent instructions (86296e3)