Token Based Novel Approach To Web Service Security

Web services and APIs (Application Programming Interface) are published publicly on the internet or privately for companies by their very nature. Especially many web services are published openly. This leads to security vulnerabilities. Moreover, since web services and APIs are accessible by everyone, a substantial amount of malicious requests are made to web services and APIs. This situation may cause unnecessary requests to the servers running the web services and consume resources as a consequence. Again, this leads to a security vulnerability. In this study, we propose a TOKEN (Digital Sign) based model that encrypts the SOAP (Simple Object Access Protocol) Envelope message against such situations. To that end, we created a new model as an alternative to the model used in many public projects as an alternative solution. Based on the results we have obtained; we have seen that the model we propose is much faster and more flexible than the classical WS-Security (Web Service Security) solutions without compromising security.