Sunday 15 March 2015

java - REST API for registration


We want to implement an integrated public RESTful API in our software (written in Java) that can be consumed by various clients, e.g. a small e-commerce app (for Android or iPhone). This API includes a list of products, categories, shopping cart support, etc.

We need to provide an API that will allow user registration and other sensitive functions. How should we protect this API against spam and brute forcing? Should we use reCAPTCHA, as in standard products, or one of its equivalents?

First of all, think about separating the concerns. What is the purpose of the REST API?

A REST API should serve the client. The client sends a request over the REST protocol and receives a response to its request. In code, it looks like this:

  // JAX-RS resource method: the only job of this method is to answer the client's request
  @GET
  public Response getClientInfo(@QueryParam("clientId") Integer clientId) {
      ClientDTO clientDTO = database.getClientInfo(clientId);
      return ResponseWrapper.wrap(clientDTO);
  }

Now, you want your REST method to do only this and nothing else. Otherwise you will put the block-brute-force-and-spam logic into your REST method and you will end up with code that is not extensible, difficult to version, etc. If you want to change, e.g., your blacklisting policy, you have to change every REST method, and that is heavy. If you want to check the call before it is executed in another way, take a look at filters. Every request and response passes through a series of filters, and server misuse can be checked there.

I do not know what your technology stack is, but I would suggest to consider:

  • (which enables you to write powerful interceptors; the security check will be executed before the execution of the REST method).

    For example:

      // @LoggedInUser is your own annotation; the interceptor bound to it runs before the method body
      @LoggedInUser
      @GET
      public Response getClientInfo(...) { ... }

    This security annotation @LoggedInUser (which, by the way, you define yourself) will signal an interceptor to check this security hurdle, for example:

      // Seam Security authorizer: the method annotated with your @LoggedInUser annotation
      // is allowed only if this returns true
      @Secures
      @LoggedInUser
      public boolean hasRight(Identity identity) {
          return identity.isLoggedIn();
      }
  • JBoss Filter (a filter chain), where you can create your own filter that, for example, checks whether an IP is trying to send several calls within a very short period (~10 lines of code).

    An example of a filter

      import java.io.IOException;
      import javax.servlet.FilterChain;
      import javax.servlet.ServletException;
      import javax.servlet.ServletRequest;
      import javax.servlet.ServletResponse;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      import org.jboss.seam.ScopeType;
      import org.jboss.seam.annotations.In;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.annotations.Scope;
      import org.jboss.seam.annotations.Startup;
      import org.jboss.seam.annotations.web.Filter;
      import org.jboss.seam.web.AbstractFilter;

      @Startup
      @Scope(ScopeType.APPLICATION)
      @Name("ipTrackerFilter")
      @Filter(around = "org.jboss.seam.web.ajax4jsfFilter")
      public class IpTrackerFilter extends AbstractFilter {

          // IpTracker is your application-scoped component that remembers all IP addresses
          // accessing the application
          @In
          private IpTracker ipTracker;

          @Override
          public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                  throws IOException, ServletException {
              if (!(req instanceof HttpServletRequest)) {
                  chain.doFilter(req, res);
                  return;
              }
              final String ipAddress = ((HttpServletRequest) req).getRemoteAddr();
              if (ipTracker.isBlackListed(ipAddress)) {
                  // apply your error message here; the request never reaches the REST method
                  ((HttpServletResponse) res).sendError(429, "Too many requests");
                  return;
              } else {
                  // all good, continue the chain
                  chain.doFilter(req, res);
              }
          }
      }

    PS: I have given you a link to it because the others are really easy to find. Also, if you come across DeltaSpike, try it.
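The answer's filter delegates the actual "too many calls from one IP" decision to an `IpTracker` component it does not show. The class below is an added example, not code from the original answer: a sliding-window counter in plain Java (no Seam dependency) whose `isBlackListed(ip)` has the signature the filter above calls. The threshold, window and the injectable clock are assumptions made for illustration; in Seam you would additionally mark the class `@Name`/`@Scope(APPLICATION)` so every request shares one instance.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/**
 * Sliding-window request counter keyed by client IP (added example, not part of
 * the original answer). An IP is reported as blacklisted while it has made more
 * than maxRequests calls inside the last windowMillis milliseconds.
 */
public class IpTracker {
    private final int maxRequests;      // assumed policy value
    private final long windowMillis;    // assumed policy value
    private final LongSupplier clock;   // injectable clock so the behaviour is testable
    private final Map<String, Deque<Long>> hits = new ConcurrentHashMap<>();

    public IpTracker(int maxRequests, long windowMillis, LongSupplier clock) {
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
        this.clock = clock;
    }

    /** Records one request from ip and reports whether ip is now over the limit. */
    public boolean isBlackListed(String ip) {
        long now = clock.getAsLong();
        Deque<Long> q = hits.computeIfAbsent(ip, k -> new ArrayDeque<>());
        synchronized (q) {   // per-IP lock: different IPs do not contend with each other
            // evict timestamps that have fallen out of the window
            while (!q.isEmpty() && now - q.peekFirst() >= windowMillis) {
                q.pollFirst();
            }
            q.addLast(now);
            return q.size() > maxRequests;
        }
    }

    /** Forgets IPs that have been quiet for a whole window, so the map cannot grow without bound. */
    public void prune() {
        long now = clock.getAsLong();
        hits.entrySet().removeIf(e -> {
            synchronized (e.getValue()) {
                Long last = e.getValue().peekLast();
                return last == null || now - last >= windowMillis;
            }
        });
    }

    // Demonstration with a fake clock: at most 5 calls per 10-second window.
    public static void main(String[] args) {
        long[] fakeNow = {0L};
        IpTracker tracker = new IpTracker(5, 10_000L, () -> fakeNow[0]);
        String ip = "192.0.2.10";   // constructed address from the documentation range

        for (int i = 1; i <= 6; i++) {
            fakeNow[0] += 500;      // six calls, half a second apart
            System.out.println("call " + i + " blacklisted=" + tracker.isBlackListed(ip));
        }

        fakeNow[0] += 10_000L;      // ten seconds of silence empties the window
        System.out.println("after pause blacklisted=" + tracker.isBlackListed(ip));

        tracker.prune();            // call periodically, e.g. from a scheduled task
    }
}
```

In the demonstration the sixth rapid call is the first one reported as blacklisted, and after a full window of silence the same address is clean again. Two caveats for deploying this behind the filter: `getRemoteAddr()` returns the address of a reverse proxy or load balancer if one sits in front of the application, so every user would share one counter; only substitute a forwarded-address header when it comes from a proxy you control. The counter also lives in one JVM, so a clustered deployment needs the state in a shared store or a limiter at the proxy instead.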
