Spam Prevention on RESTful JSON Webservice

I have a web service embedded in Grails that works via POST with the GWT client. If the user is registered, he can also access the web service without GWT, using only the browser.

Now my question is: how can I protect it so that he cannot spam my web service, for example with 1000 new entries, just stressing my web service with specific messages (possibly in a loop) once he is logged in?

The same is true for Android clients, or if I provide other developers with my web service, and they can POST thousands of data items to my web service.

Is there a mechanism that I can use?

Thanks for the help.

+4
1 answer

Users of this REST API must be bound to an API key. A cryptographic nonce is usually the tool of choice. To get this key, the user will need to solve a captcha. Each API key must be limited to a specific number of requests. If the user sends many requests, you must challenge them with a captcha (which may be the error response to the REST request).

But in order to enforce this rule, you need to save server state for each client, and that is not RESTful. In short, what you are asking is just not possible with REST.

+1
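The scheme from the answer above, as an added example that is not part of the original post: a framework-neutral Python sketch of the check a request filter in front of the POST endpoints would run. The class, method and error names, the limit values and the 401/429 status choices are assumptions; the captcha verification itself is assumed to happen elsewhere, and state is held in memory per key, which is the server-side state the answer mentions.

```python
import secrets
import time

class ApiKeyLimiter:
    """Per-key fixed-window limiter with a captcha gate (names are hypothetical)."""
    def __init__(self, limit=100, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.keys = {}  # api_key -> window start, request count, challenged flag

    def issue_key(self, captcha_passed):
        """Hand out a random key only after the caller has solved a captcha."""
        if not captcha_passed:
            return None
        key = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self.keys[key] = {"start": self.clock(), "count": 0, "challenged": False}
        return key

    def check(self, key):
        """Return (http_status, body) for one request made with this key."""
        state = self.keys.get(key)
        if state is None:
            return 401, {"error": "unknown_api_key"}
        if state["challenged"]:  # stays blocked until the captcha is solved
            return 429, {"error": "captcha_required"}
        now = self.clock()
        if now - state["start"] >= self.window:  # new window, reset the counter
            state["start"], state["count"] = now, 0
        if state["count"] >= self.limit:
            state["challenged"] = True
            return 429, {"error": "captcha_required"}
        state["count"] += 1
        return 200, {"remaining": self.limit - state["count"]}

    def captcha_solved(self, key):
        """Lift the challenge and start a fresh window for this key."""
        state = self.keys.get(key)
        if state is not None:
            state.update(start=self.clock(), count=0, challenged=False)

def demo():
    """Constructed run: limit 3 per minute, a client loop sends 5 POSTs."""
    t = [0.0]  # fake clock so the run is deterministic
    limiter = ApiKeyLimiter(limit=3, window=60.0, clock=lambda: t[0])
    key = limiter.issue_key(captcha_passed=True)
    statuses = [limiter.check(key)[0] for _ in range(5)]
    limiter.captcha_solved(key)
    statuses.append(limiter.check(key)[0])
    return statuses  # [200, 200, 200, 429, 429, 200]
```

With more than one application server, the per-key state would have to live in a shared store rather than in process memory.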

Source: https://habr.com/ru/post/1369456/