I have an API when trying to access it through a web application, I am making ajax get and post requests.
As I am new to this, I am wondering what the security concerns are with respect to the content type.
Right now I know of two content types I can POST the data as:
Base64enoded URL.
JSON
If I am passing the data as encoded URL, the data will appear in the query string.
Even if Base64encoded wouldn't it be a bad way of passing sensitive information?
I read several articles and most of them said JSON or URL encoded wouldn't matter much in terms of security.
What are the security breaches that I must be concerned with when looking at the content type used to pass data between the application and the API?
Base64Encode/Decode is not developed to encrypt or transfer data securely. Can use Base64 to transfer string contains special characters without interrupt the protocol or function as mentioned here
In your case, you should use SSL to make a secure & encrypted connection between server & client.
And also you can use the RSA Encryption method to encrypt your data, Before sending it. (SSL uses this algorithm)
When you come to API, There is another point (Sniffing Security). You should provide a security layer to protect your data from being modified in the middle way. You can use HMAC to verify the data.
These are very common security tips. You can find more by googling the following keywords.
HMAC, Hash, RSA Encryption, SSL Certificate