RESTful web services

Your client application can access Payment Feature Services by using the web services that are provided by Payment Feature Services. The web services are not intended to be used by your end users. Your users access your application and then its business logic can call the web services that it needs to accomplish the task. Some of the web services are implemented as SOAP-based web services and some are implemented as RESTful web services.

The following sections describe security considerations for RESTful web services.

Disable the Web Service Browser in a production environment

RESTful web services provides a Web Service Browser that can be used to test web services. For more information about the browser, see Web Service Browser.

Because the browser is to be used for testing only, disable it in a production environment.

Browser security

HTTP headers add extra security by restricting what capabilities and actions the intermediary servers and browsers allow. The Control Center and RESTful web services use the same HTTP header configuration, which is in the system properties. For more information about configuring the HTTP headers, see System properties page.

Some HTTP headers need special consideration when they are configured. For more information about these headers, see Web service HTTP headers.

Additional information

The following topics contain more information about RESTful web services security.