AnsweredAssumed Answered

Protecting content pulled via RESTful calls?

Question asked by rcasazza on Aug 9, 2010
Latest reply on Aug 9, 2010 by mrogers
We have a requirement to allow websites to be built by having portions of the pages being pulled from CM via RESTful calls.

My concern is that these URLs are visible externally so that people could take them and poke around our content by changing the URL parameters.

One solution is to add an encrypted digest to the end of the URL call so modifications to the URL can be detected and denied.

The issue there is providing some *easy* way for the UI people to be able to create these URLs complete with the digested piece for their design.

Various standards allow for an authentication token to be issued upon user authentication and then presented back in subsequent calls, but this really doesn't solve this particular issue. You would be able to still look through the CM by changing the RESTful URL and passing the token back for each attempt to find new content.

Has anyone run into this issue? Dealt with it differently?

Thanks

Outcomes