DEV Community

Andrei Kniazev
Andrei Kniazev

Posted on

Design Web API endpoint without leaking data to monitoring service

Right now SSL is a standard, but it is not enough to protect sensitive data. We can make a small mistake that can leak data that should be protected. For example — passwords. Even if you use cryptography to conceal the password bad endpoint design can expose it to a monitoring service or to a logger.

Here is a very common scenario. We decided to introduce the endpoint that will allow our users to restore passwords if they receive a restoration code.

[HttpPut("ChangePassword/{email}/{newPassword}/{code}")]
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[ProducesResponseType(404)]
public IActionResult ChangePassword(string email, string newPassword, string code)
{
    // do logic
    return Ok();
}
Enter fullscreen mode Exit fullscreen mode

Because I am using Azure in this example I will use Application Insights as a monitoring service for this app.

Let's hit the endpoint and check what we will be able to see in logging:

Application Insights Logs

So as you see, It exposes the password of the user. To prevent this we need to change our Web API endpoint. Instead of using the URL itself, we will put data in the body.

[HttpPut("ChangePassword")]
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[ProducesResponseType(404)]
public IActionResult ChangePassword([FromBody] ChangePassword body)
{
    // do logic
    return Ok();
}
Enter fullscreen mode Exit fullscreen mode

Let's check the logs!

Application Insights Logs

As you can see all the sensitive data should be put in the body of the request and not in the URL. SSL will encrypt everything but the monitoring service or logger will expose it.

Thank you and be safe!

Top comments (0)