General guidelines for designing policies

Policies should be configured to be defensive by default: if access is not explicitly granted, it is denied. How strictly this is applied will depend on the nature of the API call and the data it exposes. Careful consideration should be given to setting the correct level of security policy, because even innocuous-looking API calls can result in damage to an organization. For example, an API call that records the last login date and time of a user may seem harmless, but it will presumably write the login details to a database, and so this API could become a vector for SQL injection attacks, which if successful could result in serious damage.
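As an added illustration of the last-login example above (this code is not from the book; the table schema, role names and grant list are constructed for the demonstration), the following Python shows a deny-by-default grant check alongside the string-concatenated update that makes the "harmless" call injectable and the parameterized form that keeps user input as data:

```python
import sqlite3

# Constructed in-memory schema for the example (not from the book).
SCHEMA = """
CREATE TABLE users (username TEXT PRIMARY KEY, last_login TEXT, is_admin INTEGER DEFAULT 0);
INSERT INTO users (username, is_admin) VALUES ('alice', 0), ('admin', 1);
"""

def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

# Deny-by-default policy: a call is permitted only when an explicit grant exists
# for the (role, operation) pair. Anything not listed here is refused.
# Hypothetical roles and operations, constructed for the demo.
GRANTS = {
    ("user", "record_last_login"),
    ("admin", "record_last_login"),
    ("admin", "list_logins"),
}

def policy_allows(role, operation):
    return (role, operation) in GRANTS

def record_last_login_unsafe(conn, username, when):
    # String concatenation: the username becomes part of the SQL text, so a
    # value such as ' OR '1'='1 widens the WHERE clause to every row.
    sql = f"UPDATE users SET last_login = '{when}' WHERE username = '{username}'"
    conn.execute(sql)
    conn.commit()

def record_last_login_safe(conn, username, when):
    # Bound parameters: the username is compared literally and never parsed as SQL.
    conn.execute("UPDATE users SET last_login = ? WHERE username = ?", (when, username))
    conn.commit()

def last_logins(conn):
    return dict(conn.execute("SELECT username, last_login FROM users"))

if __name__ == "__main__":
    crafted = "' OR '1'='1"   # constructed input that breaks out of the quoted literal
    db = fresh_db()
    record_last_login_unsafe(db, crafted, "2024-01-01T00:00:00Z")
    print("unsafe:", last_logins(db))   # every user's last_login is overwritten
    db = fresh_db()
    record_last_login_safe(db, crafted, "2024-01-01T00:00:00Z")
    print("safe:  ", last_logins(db))   # no row matches, nothing changes
    print("guest may record_last_login:", policy_allows("guest", "record_last_login"))
```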

The focus will ...