You're reading from Modern REST API Development in Go Design performant, secure, and observable web APIs using Go's powerful standard library

Product type Paperback

Published in Aug 2025

Publisher Packt

ISBN-13 9781836205371

Length 294 pages

Edition 1st Edition

Languages

Tools

Gokit

Concepts

Web Services

Author (1):

Jesús Espino

View More author details

Table of Contents (18) Chapters

Preface

1. Introduction to APIs FREE CHAPTER

2. Exploring REST APIs

3. Building a REST Client

4. Designing Your REST API

5. Authentication and Authorization

6. Data Persistency

7. API Security

8. API Performance

9. Deploying Your API

10. Testing

11. Documenting with OpenAPI

12. Metrics, Logs, and Traces

13. Using GORM

14. Using the Echo Framework

15. Unlock Your Book’s Exclusive Benefits

How to unlock these benefits in three easy steps

16. Other Books You May Enjoy

17. Index

HTTP security features

Hypertext Transfer Protocol (HTTP) provides a mechanism to interchange Hypertext, but also provides some security features that, as an API developer, you should be aware of. Let’s start by talking about Content Security Policy (CSP).

CSP

CSP is a mechanism that HTTP provides to have granular control over the restriction of loaded content. One of the most important features of CSP is XSS protection, which we already discussed in the input validation section. With CSP headers, you can restrict inline script execution, remote JavaScript execution, JavaScript eval code execution, and form submission, or even load iframes. CSP is a complex feature, so I would recommend investigating it in detail, but here is an example of how to use it from Go:

func myHandler(rw http.ResponseWriter, r *http.Request) {
  rw.Header().Set("Content-Security-Policy", "default-src 'self'",
    "frame-ancestors 'none'&quot...