12:[["$","$La4",null,{"props":{"lessonContent":{"components":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"$a5","mdHtml":"

In this lesson, we’ll try to understand why we should restrict the use of some HTTP methods. So, first, let’s have a primer on the HTTP methods used in REST—which are safe, which are idempotent, and which are cacheable.

HTTP/HTML

Hypertext Transfer Protocol (HTTP) ...

","cursorPosition":1544,"comp_id":"14QomBlKvRzAFvYl_bFDr"},"iteration":14,"hash":0,"saveVersion":36,"children":[{"text":""}]}],"summary":{"title":"Allowed HTTP Methods","description":"Understand what HTTP methods to judiciously allow for better security as REST APIs are built on HTTP methods.","tags":["HTTP methods","HTTP Verb Tampering"],"titleUpdated":true},"darkModeContent":["$a6"],"content":["$a6"]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Securing REST API for Web Applications and Services","summary":"Digital threats emerge every day around the world. This course will help you build REST APIs with minimal vulnerabilities.\n\nThis course diligently crafts the security design around the REST API and gears you up to a Secure Software Development Life Cycle (SSDLC). You’ll learn REST security from start to finish. This includes client and server rendering, the architectural constraints of REST, SSL/TLS/X.509 certificates, choosing the right TLS protocol, version, ciphers, forward secrecy, and the seven tenets of Zero Trust. You’ll also learn how and where to position access control in monolithic and microservices. You’ll also learn to make your application stateless using JWT, and learn the nuances of JWT security, how to put input validation to good use, choosing the right HTTP method to use, and the best practices for various content types.\n\nBy the end of this course, you’ll be able to build your next REST API and be confident in its security as measured by the common vulnerability scoring system (CVSS3.1).","details":"$ab","clos":["Learn to Secure REST APIs and make a secure software development lifecycle","Get a thorough understanding of SSL/TLS/X.509 Certificates if they are all same or different","Learn how to score vulnerabilities","Learn the differences between client and server Rendering","Learn zero trust and the seven tenets of zero Trust","Learn to choose the right TLS protocol, version and ciphers","Learn access control – the need for it, and where and how to position it in the architecture","Learn what JWT token is and its role in security","Learn input validation and its role in curbing ~90% of attacks","Learn to use the right content type and right HTTP method","Learn best practices of REST API security implementation"],"arabic_available":false,"page_tags":{"4531722823139328":"REST API Security,Server side rendering,Client side rendering","5229530320470016":"HTTPS,X.509 Certificatte,SSL/TLS Certificate","6686430761320448":"Authentication,Access control,Access","4829027795206144":"JWT,Access Control,Security Token","5740055655612416":"HTTP methods,HTTP Verb Tampering","5311299153559552":"Input validation","5612843539365888":"Content-Type,HTTP Headers,MIME","5353569550598144":"Best practices,REST API","5062402256666624":"HTTPS Protocol,HTTPS Cipher,Search Rankings"},"collection_toc_is_enabled":true,"page_count":null,"docker":{"container":{"file":{},"imageName":"","buildStatusUrl":"","buildLogUrl":"","track":false},"envs":[],"jobs":[],"testRunners":[],"version":3,"loaded":true},"discounted_price":null,"cover_image_id":4512411109556224,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":40440,\"name\":\"Master the Secure REST API Before Your Next Interview.png\"}","cover_image_serving_url":"/v2api/collection/6308197364662272/6162790475104256/image/4512411109556224","tags":["REST API Security OWASP","REST API Security","REST API Design"],"intro_video_url":"","intro_video_thumbnail_url":"","aggregated_widget_stats":{"MarkdownEditor":40,"codeExerciseCount":0,"codeRunnableCount":0,"codeSnippetCount":0,"illustrations":15,"MxGraphWidget":15,"Table":5,"Columns":2,"Quiz":7,"projects":0,"UML":0,"assessments":0,"SlateHTML":1,"cloudlabs":0},"default_themes":{"code_themes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}}},"api_keys":{"api_keys":[]},"skills":[],"testimonials":[{"name":"Will be provided later","text":"Will be provided later","title":"Will be provided later","pic":{},"image_id":""}],"licensing":null,"target_audience":"intermediate","author_id":"6308197364662272","collection_id":"6162790475104256","approval_status":3005,"price":null,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":true,"is_priced":true,"brief_summary":"Secure your win in the REST API interview. The gist of years of experience on how to effectively secure your REST APIs and prevent attacks is in this course.","approval_update_time":"2022-07-05T15:37:29.851Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"mini-course","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":3600,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"Allowed HTTP Methods","description":"Understand what HTTP methods to judiciously allow for better security as REST APIs are built on HTTP methods."},"adaptiveLearningConfigConstantSSR":0,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":21,"b2c_trial_categories":"$ac"},"b2cStatus":100,"learnerTags":"$ad","workStats":1740,"interviewWorksStats":117,"inL2cStarterPack":false,"l2cWorkStats":46,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"

HTTP/HTML

Common methods in HTTP

","authorId":"6308197364662272","collectionId":"6162790475104256","pageId":"5740055655612416","serverConfigConstants":{"enable_notepad_prompt_ai":"false"},"codeFeatureFlags":{"enableCodeCodeTabRedesign":"3"},"meta":{"type":["Article","TechArticle"],"title":"Allowed HTTP Methods","name":"Securing REST API for Web Applications and Services","description":"Understand what HTTP methods to judiciously allow for better security as REST APIs are built on HTTP methods.","image":"https://educative.io/api/collection/6308197364662272/6162790475104256/image/4512411109556224.png","isAccessibleForFree":false,"keywords":"$ad","provider":"Educative","publisher":"Educative","id":"courses/securing-rest-api-web-applications-services/allowed-http-methods","author":"Madhavi","educationalLevel":"intermediate","noIndex":false,"isForcedNoIndex":false,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"4531722823139328":"Introduction: Why We Need to Secure REST APIs","5229530320470016":"REST API Using HTTPS","6686430761320448":"REST API Authentication and Access Control","4829027795206144":"Standardize JWT for Security (Access) Token","5740055655612416":"Allowed HTTP Methods","5311299153559552":"REST API Input Validation","5612843539365888":"REST API Content-Type Validation","5353569550598144":"REST API Best Practices","5062402256666624":"Additional Controls for HTTPS Security"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[],"structured_data_json":"{\"@context\":\"https://schema.org\",\"@type\":\"LearningResource\",\"name\":\"Allowed HTTP Methods\",\"description\":\"Understand what HTTP methods to judiciously allow for better security as REST APIs are built on HTTP methods.\",\"isAccessibleForFree\":\"False\",\"hasPart\":[{\"@type\":\"WebContent\",\"isAccessibleForFree\":\"False\",\"cssSelector\":\".ed-lesson-content\"}],\"provider\":{\"@type\":\"Organization\",\"name\":\"Educative\"}}"},"requestUrl":"/courses/securing-rest-api-web-applications-services/allowed-http-methods","requestUrlInfo":{"authorId":6308197364662272,"collectionId":6162790475104256,"pageId":5740055655612416,"courseUrlSlug":"securing-rest-api-web-applications-services","pageUrlSlug":"allowed-http-methods"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$ae"}}],["$","script",null,{"id":"structured-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"LearningResource\",\"name\":\"Allowed HTTP Methods\",\"description\":\"Understand what HTTP methods to judiciously allow for better security as REST APIs are built on HTTP methods.\",\"isAccessibleForFree\":\"False\",\"hasPart\":[{\"@type\":\"WebContent\",\"isAccessibleForFree\":\"False\",\"cssSelector\":\".ed-lesson-content\"}],\"provider\":{\"@type\":\"Organization\",\"name\":\"Educative\"}}"}}],"$undefined"]]