Research Article

Securing RESTful APIs with Middleware-based Threat Mitigation

by Mohammed Ali Rizvi, Neha Jain
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 72
Published: January 2026
DOI: 10.5120/ijca2026926220

Mohammed Ali Rizvi, Neha Jain. Securing RESTful APIs with Middleware-based Threat Mitigation. International Journal of Computer Applications. 187, 72 (January 2026), 55-69. DOI=10.5120/ijca2026926220

@article{ 10.5120/ijca2026926220,
  author    = { Mohammed Ali Rizvi, Neha Jain },
  title     = { Securing RESTful APIs with Middleware-based Threat Mitigation },
  journal   = { International Journal of Computer Applications },
  year      = { 2026 },
  volume    = { 187 },
  number    = { 72 },
  pages     = { 55-69 },
  doi       = { 10.5120/ijca2026926220 },
  publisher = { Foundation of Computer Science (FCS), NY, USA }
}

%0 Journal Article
%D 2026
%A Mohammed Ali Rizvi
%A Neha Jain
%T Securing RESTful APIs with Middleware-based Threat Mitigation
%J International Journal of Computer Applications
%V 187
%N 72
%P 55-69
%R 10.5120/ijca2026926220
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the rapid adoption of RESTful APIs in web, mobile, and cloud-based ecosystems, ensuring their security has become a critical challenge. Despite the availability of established standards such as OAuth 2.0, TLS, and JWT, real-world implementations often remain vulnerable due to inadequate input validation, weak authentication practices, and insufficient logging or monitoring mechanisms. This research proposes a middleware-based security framework designed to enhance REST API resilience through layered protection and real-time threat mitigation. The middleware acts as an intermediary security layer that validates incoming requests, enforces authentication and authorization policies, and performs intelligent logging and anomaly detection before allowing data flow to backend services. Key contributions include the design and implementation of a modular middleware architecture, seamless integration with existing authentication systems, and a unified logging and alerting mechanism to support proactive incident response. To evaluate the framework, controlled local experiments were conducted using simulated attack payloads targeting common vulnerabilities such as SQL injection, cross-site scripting, and insecure object references. The results demonstrate a significant reduction in successful attack attempts and minimal performance overhead, indicating that middleware-based security can provide an effective and practical defense for RESTful APIs without compromising efficiency [1][7].
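The abstract describes the middleware as a chain of checks in front of the backend: request validation, authentication and authorization enforcement, rate limiting, and unified logging with anomaly alerting. The following Python sketch is an added example written for this page, not the authors' middleware or any published code from the paper. It assumes requests arrive as plain dicts, that bearer tokens are HS256 JWTs signed with a constructed shared secret, that the only protected resource is `/users/{id}` with a numeric allow-listed id, and that the rate-limit and alert thresholds are constructed values; the `demo()` function drives constructed requests (a legitimate call, injection- and XSS-shaped ids, another user's object, a token with forged claims, and a burst over the rate limit) through the pipeline and returns the status codes and the number of alerts raised.

```python
import base64
import hashlib
import hmac
import json
import re
import time
from collections import defaultdict, deque

# Policy values below are constructed for this demonstration, not taken from the paper.
SECRET = b"demo-shared-secret"           # a real deployment loads this from a secret store
RATE_LIMIT, RATE_WINDOW = 5, 60.0        # requests per client per window (seconds)
ALERT_THRESHOLD = 3                      # rejected requests from one client before an alert
USER_ID_RE = re.compile(r"^[0-9]{1,9}$")  # allow-list: a user id is 1-9 digits and nothing else

def _b64url(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=")
def _b64url_decode(text): return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, secret=SECRET):
    """Mint an HS256 JWT (present only so the example runs without an identity provider)."""
    signing_input = _b64url(b'{"alg":"HS256"}') + b"." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + _b64url(sig)).decode()

def verify_token(token, secret=SECRET, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":   # alg is untrusted input
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):  # constant-time compare
            return None
        claims = json.loads(_b64url_decode(p))
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            return None
        return claims
    except (ValueError, AttributeError, TypeError):  # malformed base64, JSON or structure
        return None

class Middleware:
    """Rate-limit -> authenticate -> validate -> authorize -> log, then call the backend."""
    def __init__(self, backend, clock=time.time):
        self.backend, self.clock = backend, clock
        self.hits = defaultdict(deque)      # client -> request timestamps in the window
        self.rejections = defaultdict(int)  # client -> rejected-request count
        self.log, self.alerts = [], []      # unified log; alerts feed incident response

    def _record(self, client, outcome, reason):
        self.log.append({"ts": self.clock(), "client": client, "outcome": outcome, "reason": reason})
        if outcome == "reject":
            self.rejections[client] += 1
            if self.rejections[client] == ALERT_THRESHOLD:  # simple anomaly rule
                self.alerts.append(f"{client}: {ALERT_THRESHOLD} rejected requests")

    def _rate_limited(self, client):
        now, q = self.clock(), self.hits[client]
        while q and now - q[0] > RATE_WINDOW:  # sliding window: drop stale timestamps
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return True
        q.append(now)
        return False

    def _reject(self, client, reason, status, msg):
        self._record(client, "reject", reason)
        return status, {"error": msg}

    def handle(self, request):
        client = request.get("client_ip", "unknown")
        if self._rate_limited(client):                   # 1. floods are dropped cheaply first
            return self._reject(client, "rate_limit", 429, "too many requests")
        auth = request.get("headers", {}).get("Authorization", "")
        claims = verify_token(auth[7:], now=self.clock()) if auth.startswith("Bearer ") else None
        if claims is None:                               # 2. authentication
            return self._reject(client, "auth", 401, "unauthorized")
        m = re.fullmatch(r"/users/([^/]+)", request.get("path", ""))
        if not m or not USER_ID_RE.match(m.group(1)):    # 3. allow-list input validation
            return self._reject(client, "validation", 400, "invalid user id")
        if m.group(1) != str(claims.get("sub")):         # 4. object-level authorization
            return self._reject(client, "authz", 403, "forbidden")
        self._record(client, "allow", "ok")
        return 200, self.backend(m.group(1))

def demo():
    clock = [1_700_000_000.0]  # fixed clock keeps the run deterministic
    mw = Middleware(lambda uid: {"id": uid}, clock=lambda: clock[0])
    token = make_token({"sub": 42, "exp": clock[0] + 300})
    head, _, sig = token.split(".")  # forged claims reuse the old signature, so it must fail
    forged = ".".join([head, _b64url(json.dumps({"sub": 43, "exp": clock[0] + 300}).encode()).decode(), sig])
    def req(path, tok=token):
        return {"client_ip": "203.0.113.7", "path": path, "headers": {"Authorization": "Bearer " + tok}}
    cases = [req("/users/42"),            # legitimate request -> 200
             req("/users/42 OR 1=1"),     # injection-shaped id -> 400
             req("/users/<script>"),      # XSS-shaped id -> 400
             req("/users/43"),            # another user's object -> 403
             req("/users/42", forged),    # forged claims, signature mismatch -> 401
             req("/users/42")]            # sixth request in the window -> 429
    return [mw.handle(r)[0] for r in cases], len(mw.alerts)

if __name__ == "__main__":
    print(demo())
```

The validation step is an allow-list rather than a signature blocklist: an id that is not purely numeric never reaches the backend, so SQL or script fragments are rejected without the middleware needing to recognise them. Rate limiting runs before signature verification so that an unauthenticated burst costs no HMAC work, and every rejection lands in the same log that drives the alert rule, which is the "unified logging and alerting" role the abstract assigns to the middleware.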

References
[1] Badhwar, R., 2021. Intro to API Security: Issues and Some Solutions! In: The CISO's Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms, pp. 239-244. Cham: Springer International Publishing.
[2] Pardal, M.L. Offensive security assessment of a REST API for a location proof system.
[3] Ehsan, A., Abuhaliqa, M.A.M., Catal, C. and Mishra, D., 2022. RESTful API testing methodologies: Rationale, challenges, and solution directions. Applied Sciences, 12(9), p.4369.
[4] Mylläri, E., 2022. Introducing REST Based API Management and Its Relationship to Existing SOAP Based Systems.
[5] Bhateja, N., Sikka, S. and Malhotra, A., 2021. A review of SQL injection attack and various detection approaches. Smart and Sustainable Intelligent Systems, pp.481-489.
[6] Anugrah, I.G. and Fakhruddin, M.A.R.I., 2020. Development authentication and authorization systems of multi information systems based REST API and auth token. Innovation Research Journal, 1(2), pp.127-132.
[7] OWASP Foundation, 2021. OWASP Top 10: 2021 – The Ten Most Critical Web Application Security Risks. [Online]. Available: https://owasp.org/www-project-top-ten/
[8] Sadqi, Y. and Maleh, Y., 2022. A systematic review and taxonomy of web applications threats. Information Security Journal: A Global Perspective, 31(1), pp.1-27.
[9] Dalimunthe, S., Reza, J. and Marzuki, A., 2022. The model for storing tokens in local storage (Cookies) using JSON Web Token (JWT) with HMAC (Hash-based Message Authentication Code) in e-learning systems. Journal of Applied Engineering and Technological Science, 3(2), pp.149-155.
[10] Google, OAuth 2.0 developer documentation. [Online]. Available: https://developers.google.com/identity/protocols/oauth2
[11] Wear, S., 2018. Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite. Packt Publishing Ltd.
[12] Kim, J., 2020. Burp Suite: Automating web vulnerability scanning. Master's thesis, Utica College.
[13] Maniraj, S.P., Ranganathan, C.S. and Sekar, S., 2024. Securing web applications with OWASP ZAP for comprehensive security testing. International Journal of Advances in Signal and Image Sciences, 10(2), pp.12-23.
[14] Soni, P. and Kumar, A., 2020. API Security Challenges in the Digital Finance Ecosystem. International Journal of Cybersecurity and Digital Forensics, 2(2), pp.19-30.
[15] McDermott, M. and Harris, J., 2021. Defending Against Injection Attacks: A Comprehensive Review. Journal of Cybersecurity, 18(4), pp.231-245.
[16] Coughlan, S. and Duggan, T., 2019. Denial-of-Service Attacks in the Context of APIs and Fintech. International Journal of Information Security, 15(2), pp.114-126.
[17] Petrillo, F., Merle, P., Moha, N. and Guéhéneuc, Y.-G., 2019. Are REST APIs for Cloud Computing Well-Designed? An Exploratory Study. Université du Québec à Montréal, Inria Lille-Nord Europe, École Polytechnique de Montréal, Federal University of Rio Grande do Sul.
[18] Fielding, R., 2000. Architectural Styles and the Design of Network-based Software Architectures. Ph.D. dissertation, University of California, Irvine.
[19] Wilde, E., 2009. RESTful Web Services: Principles, Patterns, Emerging Technologies. IEEE Internet Computing, 13(6), pp.93-95.
Index Terms
Computer Science, Information Sciences

Keywords
RESTful APIs, Middleware Security, Threat Mitigation, API Authentication, Rate Limiting, Injection Attacks, JWT, Web Application Security