Securing your application’s main channel of communication against all kinds of attacks is never in vain.

One of the most important features of an API, besides usability, is resilience. A big aspect of a more resilient API is a restricted amount of information communicated. This is important to keep in mind, since every bit of information you give away, aids in an attack against your API.

So let’s have a look at how we can fortify our APIs against one kind attack: timing attacks.

https://sealas.at/blog/2018-02/fortifying-apis-timing-attacks/