13:[["$","$La7",null,{"props":{"lessonContent":{"components":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"There are two modes we can use while designing an application using REST APIs. These modes are used to pass the information from client to server, and vice versa.\n\n1. **Stateful mode**, so that we can pass some key critical information in our current session.\n2. **Stateless mode**, meaning we do not use sessions to store or pass any information between client and server. JSON Web Token (JWT) is a secure way to authenticate users and share the information. Once the authentication occurs via the identity provider, it provides a JWT token, which is valid for a predetermined period and every request post that will pass this token with each request.\n\nJWT does not make everything secure. First, let’s see the structure of JWT, its possible issues, and how we mitigate those issues.\n","mdHtml":"

There are two modes we can use while designing an application using REST APIs. These modes are used to pass the information from client to server, and vice versa.

Stateful mode, so that we can pass some key critical information in our current session.
Stateless mode, meaning we do not use sessions to store or pass any information between client and server. JSON Web Token (JWT) is a secure

...","cursorPosition":648,"comp_id":"v6HXoxKnT7V3rC8-KDaHc"},"iteration":0,"hash":0,"saveVersion":18,"children":[{"text":""}],"status":"normal"}],"summary":{"description":"Explore the structure and security practices of JSON Web Tokens (JWT) to securely authenticate users in REST APIs. Understand the differences between stateful and stateless designs, identify common JWT vulnerabilities, and learn validation techniques to mitigate risks and improve access control.","title":"Standardize JWT for Security (Access) Token","tags":["JWT","Access Control","Security Token"],"titleUpdated":true},"darkModeContent":["$a8"],"content":["$a8"]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Securing REST API for Web Applications and Services","summary":"Digital threats emerge every day around the world. This course will help you build REST APIs with minimal vulnerabilities.\n\nThis course diligently crafts the security design around the REST API and gears you up to a Secure Software Development Life Cycle (SSDLC). You’ll learn REST security from start to finish. This includes client and server rendering, the architectural constraints of REST, SSL/TLS/X.509 certificates, choosing the right TLS protocol, version, ciphers, forward secrecy, and the seven tenets of Zero Trust. You’ll also learn how and where to position access control in monolithic and microservices. You’ll also learn to make your application stateless using JWT, and learn the nuances of JWT security, how to put input validation to good use, choosing the right HTTP method to use, and the best practices for various content types.\n\nBy the end of this course, you’ll be able to build your next REST API and be confident in its security as measured by the common vulnerability scoring system (CVSS3.1).","details":"$ac","clos":["Learn to Secure REST APIs and make a secure software development lifecycle","Get a thorough understanding of SSL/TLS/X.509 Certificates if they are all same or different","Learn how to score vulnerabilities","Learn the differences between client and server Rendering","Learn zero trust and the seven tenets of zero Trust","Learn to choose the right TLS protocol, version and ciphers","Learn access control – the need for it, and where and how to position it in the architecture","Learn what JWT token is and its role in security","Learn input validation and its role in curbing ~90% of attacks","Learn to use the right content type and right HTTP method","Learn best practices of REST API security implementation"],"key_outcomes":[],"arabic_available":false,"page_tags":{"4531722823139328":"REST API Security,Server side rendering,Client side rendering","5229530320470016":"HTTPS,X.509 Certificatte,SSL/TLS Certificate","6686430761320448":"Authentication,Access control,Access","4829027795206144":"JWT,Access Control,Security Token","5740055655612416":"HTTP methods,HTTP Verb Tampering","5311299153559552":"Input validation","5612843539365888":"Content-Type,HTTP Headers,MIME","5353569550598144":"Best practices,REST API","5062402256666624":"HTTPS Protocol,HTTPS Cipher,Search Rankings"},"collection_toc_is_enabled":true,"page_count":null,"docker":{"container":{"file":{},"imageName":"","buildStatusUrl":"","buildLogUrl":"","track":false},"envs":[],"jobs":[],"testRunners":[],"version":3,"loaded":true},"discounted_price":null,"cover_image_id":4512411109556224,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":40440,\"name\":\"Master the Secure REST API Before Your Next Interview.png\"}","cover_image_serving_url":"/v2api/collection/6308197364662272/6162790475104256/image/4512411109556224","tags":["REST API Security OWASP","REST API Security","REST API Design"],"intro_video_url":"","intro_video_thumbnail_url":"","aggregated_widget_stats":{"MarkdownEditor":40,"codeExerciseCount":0,"codeRunnableCount":0,"codeSnippetCount":0,"illustrations":15,"MxGraphWidget":15,"Table":5,"Columns":2,"Quiz":7,"projects":0,"UML":0,"assessments":0,"SlateHTML":1,"cloudlabs":0},"default_themes":{"code_themes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}}},"api_keys":{"api_keys":[]},"skills":[],"testimonials":[{"name":"Will be provided later","text":"Will be provided later","title":"Will be provided later","pic":{},"image_id":""}],"licensing":null,"target_audience":"intermediate","author_id":"6308197364662272","collection_id":"6162790475104256","approval_status":3005,"price":null,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":true,"is_priced":true,"brief_summary":"Secure your win in the REST API interview. The gist of years of experience on how to effectively secure your REST APIs and prevent attacks is in this course.","approval_update_time":"2022-07-05T15:37:29.851Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"mini-course","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":3600,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"Standardize JWT for Security (Access) Token","description":"Explore the structure and security practices of JSON Web Tokens (JWT) to securely authenticate users in REST APIs. Understand the differences between stateful and stateless designs, identify common JWT vulnerabilities, and learn validation techniques to mitigate risks and improve access control."},"adaptiveLearningConfigConstantSSR":0,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":21,"b2c_trial_categories":"$ad"},"b2cStatus":100,"learnerTags":"$ae","workStats":2050,"interviewWorksStats":142,"inL2cStarterPack":false,"l2cWorkStats":46,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"

","authorId":"6308197364662272","collectionId":"6162790475104256","pageId":"4829027795206144","serverConfigConstants":{"enable_notepad_prompt_ai":"true","use_redesigned_sandpack_widget":"true"},"codeFeatureFlags":{"enableCodeCodeTabRedesign":"3"},"meta":{"type":["Article","TechArticle"],"title":"Standardize JWT for Security (Access) Token","name":"Securing REST API for Web Applications and Services","description":"Learn to standardize access control using JWT and how to validate JWT post-authentication.","image":"https://educative.io/api/collection/6308197364662272/6162790475104256/image/4512411109556224.png","isAccessibleForFree":false,"keywords":"$ae","provider":"Educative","publisher":"Educative","id":"courses/securing-rest-api-web-applications-services/standardize-jwt-for-security-access-token","author":"Madhavi","educationalLevel":"intermediate","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"4531722823139328":"Introduction: Why We Need to Secure REST APIs","5229530320470016":"REST API Using HTTPS","6686430761320448":"REST API Authentication and Access Control","4829027795206144":"Standardize JWT for Security (Access) Token","5740055655612416":"Allowed HTTP Methods","5311299153559552":"REST API Input Validation","5612843539365888":"REST API Content-Type Validation","5353569550598144":"REST API Best Practices","5062402256666624":"Additional Controls for HTTPS Security"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[],"structured_data_json":"{\"@context\":\"https://schema.org\",\"@type\":\"LearningResource\",\"name\":\"Standardize JWT for Security (Access) Token\",\"description\":\"Learn to standardize access control using JWT and how to validate JWT post-authentication.\",\"isAccessibleForFree\":\"False\",\"hasPart\":[{\"@type\":\"WebContent\",\"isAccessibleForFree\":\"False\",\"cssSelector\":\".ed-lesson-content\"}],\"provider\":{\"@type\":\"Organization\",\"name\":\"Educative\"}}"},"requestUrl":"/courses/securing-rest-api-web-applications-services/standardize-jwt-for-security-access-token","requestUrlInfo":{"authorId":6308197364662272,"collectionId":6162790475104256,"pageId":4829027795206144,"courseUrlSlug":"securing-rest-api-web-applications-services","pageUrlSlug":"standardize-jwt-for-security-access-token"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$af"}}],["$","script",null,{"id":"structured-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"LearningResource\",\"name\":\"Standardize JWT for Security (Access) Token\",\"description\":\"Learn to standardize access control using JWT and how to validate JWT post-authentication.\",\"isAccessibleForFree\":\"False\",\"hasPart\":[{\"@type\":\"WebContent\",\"isAccessibleForFree\":\"False\",\"cssSelector\":\".ed-lesson-content\"}],\"provider\":{\"@type\":\"Organization\",\"name\":\"Educative\"}}"}}],"$undefined"]]