Best practices for API Security and Session Tokens
Quick question for the security-minded folks here. I’m designing a new public-facing API and I’m debating what to use for session tokens and resource identifiers (like for virtual machine instances). Some of the tutorials suggest using simple hashes, but I’ve seen a lot of enterprise-level stuff using GUIDs instead. My main concern is unpredictability—I don’t want users to be able to "guess" a resource ID just by incrementing a number in the URL. Has anyone here used GUIDs for security tokens or cloud resource tracking? Are they "unpredictable" enough for high-scale apps, or should I be looking at something more cryptographically heavy?
8 Views
Last night I was going through different forum threads, not really searching for anything specific, just reading random opinions and experiences. In one of the comments I noticed https://cosmocasinos.org/ and decided to check it out of curiosity. I spent a few minutes looking around, and the overall structure felt clear and not overloaded, so it was easy to understand what’s where without confusion.