We have a new feature - API Endpoints Protection.
You can now enable Client/Server Signatures in the endpoint settings.
If this option is enabled, a unique cryptographic token (signature) is inserted into each request from the client to the server and into each response from the server. The server checks the signature of each request and allows execution only if the signature is verified.
Features:
- There is a built-in mechanism for checking timestamps in signatures: requests cannot be executed after the allowable interval has expired
- It is possible to enable hashing of the request body and response body separately
- Most cryptographic operations complete in less than 1ms
Limitations:
- Request payload hashing does not work with multipart/form-data requests
Available in web and mobile apps. Useful when you want to protect your public API so that it is more difficult to abuse or parse.
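
To make the timestamp check and optional body hashing described above concrete, here is an added sketch of the request direction only; it is not the product's own code or scheme. The HMAC-SHA256 construction, the `X-Timestamp` and `X-Signature` header names, the 30-second interval and the key are all assumptions.

```python
import hashlib
import hmac

MAX_SKEW = 30  # assumed allowable interval, in seconds


def _mac(key, method, path, ts, body, hash_body):
    # Bind method, path and timestamp; optionally bind a digest of the body.
    digest = hashlib.sha256(body).hexdigest() if hash_body else "-"
    msg = "\n".join([method.upper(), path, str(ts), digest]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(key, method, path, body, now, hash_body=True):
    """Client side: return the (assumed) headers to attach to the request."""
    ts = int(now)
    return {"X-Timestamp": str(ts),
            "X-Signature": _mac(key, method, path, ts, body, hash_body)}


def verify(key, method, path, body, headers, now, hash_body=True):
    """Server side: return (allowed, reason) for one incoming request."""
    try:
        ts = int(headers["X-Timestamp"])
        sig = headers["X-Signature"]
    except (KeyError, ValueError):
        return False, "missing or malformed signature headers"
    # Reject anything signed outside the allowable interval.
    if abs(now - ts) > MAX_SKEW:
        return False, "timestamp outside allowable interval"
    expected = _mac(key, method, path, ts, body, hash_body)
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample key and request, for illustration only.
KEY = b"constructed-demo-key"
BODY = b'{"item": 42}'
HDRS = sign(KEY, "POST", "/api/orders", BODY, now=1_700_000_000)

if __name__ == "__main__":
    print(verify(KEY, "POST", "/api/orders", BODY, HDRS, now=1_700_000_010))
    print(verify(KEY, "POST", "/api/orders", BODY, HDRS, now=1_700_000_100))
    print(verify(KEY, "POST", "/api/orders", b'{"item": 43}', HDRS,
                 now=1_700_000_010))
```

With `hash_body=False` on both sides the signature no longer covers the payload, so a modified body still verifies; that is the trade-off behind enabling body hashing separately.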