Research Article

Securing RESTful APIs with Middleware-based Threat Mitigation

by Mohammed Ali Rizvi, Neha Jain
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 72
Year of Publication: 2026
Authors: Mohammed Ali Rizvi, Neha Jain
DOI: 10.5120/ijca2026926220

Mohammed Ali Rizvi, Neha Jain. Securing RESTful APIs with Middleware-based Threat Mitigation. International Journal of Computer Applications, 187(72) (Jan 2026), 55-69. DOI=10.5120/ijca2026926220

@article{ 10.5120/ijca2026926220,
author = { Mohammed Ali Rizvi, Neha Jain },
title = { Securing RESTful APIs with Middleware-based Threat Mitigation },
journal = { International Journal of Computer Applications },
issue_date = { Jan 2026 },
volume = { 187 },
number = { 72 },
month = { Jan },
year = { 2026 },
issn = { 0975-8887 },
pages = { 55-69 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number72/securing-restful-apis-with-middleware-based-threat-mitigation/ },
doi = { 10.5120/ijca2026926220 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

With the rapid adoption of RESTful APIs in web, mobile, and cloud-based ecosystems, ensuring their security has become a critical challenge. Despite the availability of established standards such as OAuth 2.0, TLS, and JWT, real-world implementations often remain vulnerable due to inadequate input validation, weak authentication practices, and insufficient logging or monitoring mechanisms. This research proposes a middleware-based security framework designed to enhance REST API resilience through layered protection and real-time threat mitigation. The middleware acts as an intermediary security layer that validates incoming requests, enforces authentication and authorization policies, and performs intelligent logging and anomaly detection before allowing data flow to backend services. Key contributions include the design and implementation of a modular middleware architecture, seamless integration with existing authentication systems, and a unified logging and alerting mechanism to support proactive incident response. To evaluate the framework, controlled local experiments were conducted using simulated attack payloads targeting common vulnerabilities such as SQL injection, cross-site scripting, and insecure object references. The results demonstrate a significant reduction in successful attack attempts and minimal performance overhead, indicating that middleware-based security can provide an effective and practical defense for RESTful APIs without compromising efficiency [1][7].
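As an added illustration (not code from the paper or its authors), the following Python gateway applies the layers the abstract describes in order, rate limiting, JWT verification, object-level authorization and allowlist input validation, and records every decision in a unified audit log that an alerting pipeline could consume. The secret key, the parameter allowlist, the `/users/<id>` resource and the request dictionary shape are all constructed for the demo.

```python
import base64, hashlib, hmac, json, re
from collections import defaultdict

SECRET = b"constructed-demo-secret"          # constructed; a real deployment loads this from a secret store
PARAM_RULES = {"q": re.compile(r"^[\w ]{0,64}$")}   # allowlist of accepted parameters and their shape
USER_PATH = re.compile(r"^/users/(\d+)$")            # resource whose owner must match the caller

def _b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_jwt(claims):   # mints HS256 tokens so the demo can build its own test inputs
    head_payload = ".".join(_b64e(json.dumps(x).encode()) for x in ({"alg": "HS256"}, claims))
    return head_payload + "." + _b64e(hmac.new(SECRET, head_payload.encode(), hashlib.sha256).digest())

def verify_jwt(token, now):   # claims only if alg is pinned to HS256, MAC matches (constant time), exp ahead
    try:
        h, p, s = token.split(".")
        mac = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        ok = json.loads(_b64d(h)).get("alg") == "HS256" and hmac.compare_digest(mac, _b64d(s))
        claims = json.loads(_b64d(p))
        return claims if ok and claims.get("exp", 0) > now else None
    except (ValueError, AttributeError):   # malformed base64/JSON or non-dict claims
        return None

class Gateway:   # middleware in front of a backend callable: rate limit -> authn -> object-level authz -> input validation
    def __init__(self, backend, limit=5, window=60):
        self.backend, self.limit, self.window = backend, limit, window
        self.hits = defaultdict(list)   # client -> timestamps of recent requests
        self.audit = []                 # unified decision log that alerting can consume

    def handle(self, req, now):
        status, body = self._check(req, now)
        self.audit.append({"ts": now, "client": req["client"], "path": req["path"], "status": status})
        return status, body

    def _check(self, req, now):
        recent = [t for t in self.hits[req["client"]] if now - t < self.window]
        self.hits[req["client"]] = recent + [now]
        if len(recent) >= self.limit:
            return 429, "rate limit exceeded"
        claims = verify_jwt(req.get("token", ""), now)
        if claims is None:
            return 401, "invalid or expired token"
        m = USER_PATH.match(req["path"])
        if m and m.group(1) != str(claims.get("sub")) and claims.get("role") != "admin":
            return 403, "object does not belong to caller"   # blocks insecure direct object references
        for name, value in req.get("params", {}).items():
            if name not in PARAM_RULES or not PARAM_RULES[name].match(value):
                return 400, f"rejected parameter {name!r}"   # SQLi/XSS-shaped values fail the allowlist
        return 200, self.backend(req, claims)
```

Because every branch returns a status that is appended to `audit`, a burst of 400/403 entries from one client is visible to the same log that feeds alerting, which is the "unified logging and alerting" point the abstract makes.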

References
  1. Badhwar, R., 2021. Intro to API Security-Issues and Some Solutions!. In The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms (pp. 239-244). Cham: Springer International Publishing.
  2. Pardal, M.L., Offensive security assessment of a REST API for a location proof system.
  3. Ehsan, A., Abuhaliqa, M.A.M., Catal, C. and Mishra, D., 2022. RESTful API testing methodologies: Rationale, challenges, and solution directions. Applied Sciences, 12(9), p.4369.
  4. Mylläri, E., 2022. Introducing REST Based API Management and Its Relationship to Existing SOAP Based Systems.
  5. Bhateja, N., Sikka, S. and Malhotra, A., 2021. A review of sql injection attack and various detection approaches. Smart and Sustainable Intelligent Systems, pp.481-489.
  6. Anugrah, I.G. and Fakhruddin, M.A.R.I., 2020. Development authentication and authorization systems of multi information systems based rest api and auth token. Innovation Research Journal, 1(2), pp.127-132.
  7. OWASP Foundation, "OWASP Top 10: 2021 – The Ten Most Critical Web Application Security Risks," 2021. [Online]. Available: https://owasp.org/www-project-top-ten/
  8. Sadqi, Y. and Maleh, Y., 2022. A systematic review and taxonomy of web applications threats. Information Security Journal: A Global Perspective, 31(1), pp.1-27.
  9. Dalimunthe, S., Reza, J. and Marzuki, A., 2022. The model for storing tokens in local storage (Cookies) using JSON Web Token (JWT) with HMAC (Hash-based Message Authentication Code) in e-learning systems. Journal of Applied Engineering and Technological Science, 3(2), pp.149-155.
  10. Google Identity, OAuth 2.0 protocol documentation. [Online]. Available: https://developers.google.com/identity/protocols/oauth2
  11. Wear, S., 2018. Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite. Packt Publishing Ltd.
  12. Kim, J., 2020. Burp suite: Automating web vulnerability scanning (Master's thesis, Utica College).
  13. Maniraj, S.P., Ranganathan, C.S. and Sekar, S., 2024. Securing web applications with OWASP ZAP for comprehensive security testing. International Journal of Advances in Signal and Image Sciences, 10(2), pp.12-23.
  14. Soni, P., & Kumar, A. (2020). API Security Challenges in the Digital Finance Ecosystem. International Journal of Cybersecurity and Digital Forensics, 2(2), 19-30.
  15. McDermott, M., & Harris, J. (2021). Defending Against Injection Attacks: A Comprehensive Review. Journal of Cybersecurity, 18(4), 231-245.
  16. Coughlan, S., & Duggan, T. (2019). Denial-of-Service Attacks in the Context of APIs and Fintech. International Journal of Information Security, 15(2), 114-126.
  17. Petrillo, F., Merle, P., Moha, N., & Guéhéneuc, Y.-G., 2019. Are REST APIs for Cloud Computing Well-Designed? An Exploratory Study. Université du Québec à Montréal, Inria Lille-Nord Europe, École Polytechnique de Montréal, Federal University of Rio Grande do Sul.
  18. R. Fielding, “Architectural Styles and the Design of Network-based Software Architectures,” Ph.D. dissertation, University of California, Irvine, 2000.
  19. E. Wilde, “RESTful Web Services: Principles, Patterns, Emerging Technologies,” IEEE Internet Computing, vol. 13, no. 6, pp. 93–95, 2009.
Index Terms

Computer Science
Information Sciences

Keywords

RESTful APIs; Middleware Security; Threat Mitigation; API Authentication; Rate Limiting; Injection Attacks; JWT; Web Application Security