One thing that is always difficult, enough to deserve its own book, is securing HTTP APIs that interact with client-side applications. Today, after a discussion about how to tackle the problem in our company, we bumped into the JOSE (JavaScript Object Signing and Encryption) specification. Basically, the specification defines 4 entities: JWS (JSON Web Signature), a signed representation of data; JWT