API Security

API-specific security patterns

Details

Language / Topic
Universal
Category
Security

Rules

balanced
- Authenticate every API request. Use short-lived, scoped credentials (e.g. JWTs with an expiry and audience, or API keys bound to specific scopes) and verify the signature, expiry and scope on every call; never rely on the client to enforce its own permissions.
- Validate and sanitize all input at the API boundary. Never trust client data: enforce a schema (types, ranges, lengths, allowed fields) and reject malformed payloads before any processing.
- Implement rate limiting per client IP and per API key or token to prevent abuse and denial of service. Return 429 with a Retry-After header when a limit is exceeded; well-behaved clients honour it and back off exponentially before retrying.
- Use HTTPS for all API communication. Reject plaintext HTTP requests rather than redirecting them, so credentials are never sent in the clear.
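The rules above combined into one request pipeline, as an added worked example that is not code from the original page. It is pure standard-library Python and assumes a constructed request dict, a constructed signing key, and a simplified HMAC-SHA256 token format standing in for a JWT (a production service would verify real JWTs with a vetted library); the names `Gateway`, `TokenBucket`, `mint_token`, `verify_token` and `validate_order` are hypothetical.

```python
"""Added example: HTTPS-only, scoped short-lived tokens, per-IP and per-subject
rate limiting with Retry-After, and strict input validation at the boundary."""
import base64
import hashlib
import hmac
import json
import math

SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # constructed for the example
MAX_BODY_BYTES = 4096


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def mint_token(subject, scopes, ttl_seconds, now, key=SIGNING_KEY):
    """Issue a short-lived scoped token: b64(payload).b64(HMAC-SHA256(payload)).
    Simplified stand-in for a JWT, not a real JWT implementation."""
    payload = {"sub": subject, "scopes": sorted(scopes), "exp": int(now) + ttl_seconds}
    body = _b64e(json.dumps(payload, sort_keys=True).encode())
    return (body + b"." + _b64e(hmac.new(key, body, hashlib.sha256).digest())).decode()


def verify_token(token, now, key=SIGNING_KEY):
    """Return the claims if signature, expiry and required claims check out, else None."""
    parts = token.encode().split(b".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = hmac.new(key, body, hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(_b64d(body).decode("utf-8"))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if (not isinstance(claims, dict) or not isinstance(claims.get("sub"), str)
            or not isinstance(claims.get("scopes"), list)
            or not isinstance(claims.get("exp"), int) or claims["exp"] <= now):
        return None
    return claims


class TokenBucket:
    """Per-key token bucket: `capacity` burst, refilled at `rate` tokens/second."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self._state = {}  # key -> (tokens, last_seen)

    def take(self, key, now):
        """Consume one token; return 0.0 if allowed, else seconds until the next token."""
        tokens, last = self._state.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self._state[key] = (tokens - 1, now)
            return 0.0
        self._state[key] = (tokens, now)
        return (1 - tokens) / self.rate


def validate_order(body):
    """Schema-check the payload at the boundary; raise ValueError on anything unexpected."""
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    try:
        data = json.loads(body)
    except ValueError:
        raise ValueError("malformed JSON")
    if not isinstance(data, dict) or set(data) != {"item", "quantity"}:
        raise ValueError("unexpected fields")
    item, qty = data["item"], data["quantity"]
    if not isinstance(item, str) or not item.isalnum() or len(item) > 32:
        raise ValueError("bad item")
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
        raise ValueError("bad quantity")  # bool is an int subclass in Python
    return data


class Gateway:
    """Hypothetical edge handler applying the rules in order of cost."""

    def __init__(self):
        self.ip_bucket = TokenBucket(capacity=5, rate=1.0)    # cheap, pre-auth
        self.sub_bucket = TokenBucket(capacity=3, rate=0.5)   # per authenticated subject

    def handle(self, req, now):
        """Return (status, headers, body) for a constructed request dict."""
        if req.get("scheme") != "https":
            return 403, {}, b"TLS required"
        wait = self.ip_bucket.take("ip:" + req.get("remote_addr", "?"), now)
        if wait:
            return 429, {"Retry-After": str(math.ceil(wait))}, b"slow down"
        auth = req.get("headers", {}).get("Authorization", "")
        claims = verify_token(auth[7:], now) if auth.startswith("Bearer ") else None
        if claims is None:
            return 401, {}, b"missing, invalid or expired token"
        if "orders:write" not in claims["scopes"]:
            return 403, {}, b"insufficient scope"
        wait = self.sub_bucket.take("sub:" + claims["sub"], now)
        if wait:
            return 429, {"Retry-After": str(math.ceil(wait))}, b"slow down"
        try:
            order = validate_order(req.get("body", b""))
        except ValueError as exc:
            return 400, {}, str(exc).encode()
        return 200, {}, json.dumps({"accepted": order}).encode()


if __name__ == "__main__":
    t0 = 1_000_000.0
    tok = mint_token("alice", ["orders:write"], 300, t0)
    gw = Gateway()
    for _ in range(4):  # fourth call trips the per-subject limit
        print(gw.handle({"scheme": "https", "remote_addr": "203.0.113.7",
                         "headers": {"Authorization": "Bearer " + tok},
                         "body": b'{"item":"widget","quantity":2}'}, t0)[:2])
```

The per-IP bucket runs before authentication so that unauthenticated floods are shed by the cheapest check, while the per-subject bucket runs after token verification so a stolen key cannot exhaust another tenant's quota. The scheme check is deliberately a rejection, not a redirect: by the time a plaintext request arrives, any bearer token in it has already crossed the network unencrypted.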