'How to secure a process that uses tracking replies from an external API [duplicate]
We are actually using an external API in our web application and for some requests, that external API cannot respond immediately. We have then to provide a URL to track the response. When we get it, we update our databases with the received data.
The problem is that there is nothing to ensure that the response was indeed sent by the API.
So are there any security measures that can be taken for a such process? We don't even know where to start and Google didn't help much.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|