API Security Blog

Use JWTs for internal tokens and OAuth2.0 Bearer Tokens for external tokens.

4. Use a Secure Hash Algorithm to Sign Your Tokens

When signing your tokens, use the strongest algorithm your infrastructure supports: a signature built on SHA-256 or better (HS256, RS256, ES256 or stronger). If you sign with an HMAC, the secret key, not just the hash output, must be at least 256 bits long for HMAC-SHA256, and it must come from a cryptographically secure random generator rather than a password-like string. A short or guessable secret lets an attacker take a single captured token, brute-force the key offline, and then forge any token they like. The choice of hash also counts for nothing if the verifier accepts whatever algorithm the token's header names, so pin the expected algorithm on the verification side instead of trusting the token.
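As an added example (not code from the original post), here is a minimal HS256 signer and verifier on the Python standard library; the function names, the 32-byte key floor, the constructed weak token and the sample wordlist are this example's own assumptions, not anything the post specifies. It refuses HMAC keys shorter than the SHA-256 output, pins the accepted algorithm on the verifier instead of reading it from the token header, and includes the offline guessing attack that a short secret invites.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional

# Added example, not code from the original post: a minimal HS256 JWT
# signer and verifier, showing what a 256-bit HMAC key buys you and how
# a weak secret is recovered by guessing from one captured token.

MIN_HMAC_KEY_BYTES = 32    # 256 bits: the SHA-256 output size, the floor for HS256 keys
ALLOWED_ALGS = {"HS256"}   # verifier-side allowlist; the token header is never trusted


def generate_hmac_key() -> bytes:
    """Fresh 256-bit key from the OS CSPRNG, never a human-chosen string."""
    return secrets.token_bytes(MIN_HMAC_KEY_BYTES)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256_unchecked(claims: dict, key: bytes) -> str:
    """HS256 compact serialisation with no key-strength check (used only to build the weak token)."""
    signing_input = encode_jwt_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_jwt_part(claims)
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)


def sign_hs256(claims: dict, key: bytes) -> str:
    """Sign claims with HMAC-SHA256, refusing keys shorter than the hash output."""
    if len(key) < MIN_HMAC_KEY_BYTES:
        raise ValueError("HMAC key must be at least 256 bits (32 bytes)")
    return sign_hs256_unchecked(claims, key)


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if alg is allowlisted and the tag matches under a constant-time compare."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:      # blocks alg=none and algorithm confusion
        raise ValueError("algorithm %r not allowed" % header.get("alg"))
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))


def recover_weak_secret(token: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline guess attack: re-sign the captured token with each candidate key; a match reveals the secret."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = (header_b64 + "." + payload_b64).encode()
    tag = b64url_decode(sig_b64)
    for cand in candidates:
        if hmac.compare_digest(hmac.new(cand, signing_input, hashlib.sha256).digest(), tag):
            return cand
    return None


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; keeps the demo readable."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = generate_hmac_key()
    token = sign_hs256({"sub": "alice", "scope": "read"}, key)
    print("claims:", verify_hs256(token, key))
    # Constructed weak secret and wordlist: the attacker needs only one captured token.
    weak_token = sign_hs256_unchecked({"sub": "bob"}, b"password")
    print("recovered secret:", recover_weak_secret(weak_token, [b"admin", b"secret", b"password"]))
    none_token = encode_jwt_part({"alg": "none"}) + "." + encode_jwt_part({"sub": "mallory"}) + "."
    print("alg=none rejected:", rejects(verify_hs256, none_token, key))
```

In production use a maintained JWT library rather than this hand-rolled code, but keep the same three checks: a key at least as long as the hash output from a CSPRNG, an explicit algorithm allowlist passed to the verifier, and a constant-time comparison of the tag.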
