1.

What Are The Best Practices To Be Followed While Designing A Secure Restful Web Service?

Answer»

Because RESTful web services work with HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured. The following are the best practices to follow while designing a RESTful web service:

  • Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
  • Session-based authentication − Use session-based authentication to authenticate a user whenever a request is made to a web service method.
  • No sensitive data in URL − Never use a username, password or session token in the URL; these values should be passed to the web service via the POST method.
  • Restriction on method execution − Allow restricted use of methods like GET, POST, DELETE. The GET method should not be able to delete data.
  • Validate malformed XML/JSON − Check for well-formed input passed to a web service method.
  • Throw generic error messages − A web service method should use HTTP error messages like 403 to show access forbidden, etc.
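
The sketch below is an added example, not code from the original page: a framework-independent request gate that applies four of the items above (session check, no secrets in the URL, per-route method restriction, well-formed JSON) and answers with generic status text only. The route table, parameter names and `check_request` function are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Hypothetical route table: the HTTP methods each path accepts.
# GET is never mapped to a state-changing route, so it cannot delete data.
ALLOWED_METHODS = {"/orders": {"GET", "POST"}, "/orders/item": {"GET", "DELETE"}}
# Constructed list of parameter names that must never appear in a URL.
SENSITIVE_PARAMS = {"username", "password", "session", "token"}
# Generic responses only: no stack traces, SQL text or parser details.
GENERIC = {400: "Bad Request", 401: "Unauthorized",
           404: "Not Found", 405: "Method Not Allowed"}


def check_request(method, url, body=None, session_valid=False):
    """Return (status, message, parsed_body) for one incoming request."""
    method = method.upper()
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)

    # No sensitive data in URL: refuse credentials or tokens in the query string,
    # since URLs end up in access logs, browser history and Referer headers.
    if SENSITIVE_PARAMS & {name.lower() for name in query}:
        return 400, GENERIC[400], None
    # Session-based authentication is checked on every request.
    if not session_valid:
        return 401, GENERIC[401], None
    allowed = ALLOWED_METHODS.get(parts.path)
    if allowed is None:
        return 404, GENERIC[404], None
    # Restriction on method execution: per-route allow-list.
    if method not in allowed:
        return 405, GENERIC[405], None
    # Validate malformed JSON: a POST body must parse to a JSON object.
    payload = None
    if method == "POST":
        try:
            payload = json.loads(body or "")
        except (ValueError, TypeError):
            # The parser's own message stays server-side.
            return 400, GENERIC[400], None
        if not isinstance(payload, dict):
            return 400, GENERIC[400], None
    return 200, "OK", payload


if __name__ == "__main__":
    # Constructed sample requests.
    print(check_request("GET", "/orders?token=abc123", session_valid=True))
    print(check_request("POST", "/orders", '{"sku": "A1"}', session_valid=True))
```

Input validation against SQL or NoSQL injection is not shown here; it belongs in the data layer, where parsed values are bound as query parameters.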
