Abstract: An embodiment of the present invention provides a system that enables a user to securely invoke a REST (Representational State Transfer) API (Application Programming Interface) at an application server. A client can establish a secure communication channel with an application server, and can send a request to the application server to invoke the REST API. The client can then receive a security token from an authentication system in response to authenticating the user with the authentication system. Next, the client can receive a nonce and a timestamp from the application server. The client can then determine a security token digest using the security token, the nonce, and the timestamp. Next, the client can resend the request to the application server to invoke the REST API with the security token digest. The application server can invoke the REST API if the security token digest is valid.

Abstract: An embodiment of the present invention provides a system that enables a user to securely invoke a REST (Representational State Transfer) API (Application Programming Interface) at an application server. A client can establish a secure communication channel with an application server, and can send a request to the application server to invoke the REST API. The client can then receive a security token from an authentication system in response to authenticating the user with the authentication system. Next, the client can receive a nonce and a timestamp from the application server. The client can then determine a security token digest using the security token, the nonce, and the timestamp. Next, the client can resend the request to the application server to invoke the REST API with the security token digest. The application server can invoke the REST API if the security token digest is valid.