Securing ASP.NET Web API when consumed by other .NET Application
In this article we are going to have a look on how to secure WEBAPI. Nowadays every developer can create API but few developers think of securing it. API are URI based which are easy to consume as anyone who knows this URI can misuse it, because we do not have any authentication on it and also we are not checking if the user who is sending request is valid or not.
Most payment gateways companies have their API toolkit which they provide for securing their API in that they register Client [Person / Company] who is going to implement Payment gateways. After that they provide you keys for encryption to send Request in encrypted format such that if someone intercepts it, they still will not able to read what real data is traveling in wires.