I’m writing a Java wrapper for an API and I have a fundamental question about SSL and HTTPS connections. I know when HTTPS connections are made IN THE BROWSER, the information is encrypted between the browser and the server, so that the information cannot be read if it is intercepted. That’s the fundamental SSL connection as far as I know it.
Does that same level of security exist between a Java method call and the server however? For example, if I create a URL class with an address of “https://server.com/”, will the information between the Java code and the server be encrypted?
In other words, is the information being returned in this type of code secure (directly from my API, returns a JSON string):
public static String getJSON() {
String url = "https://nxtpass.com/create/?" +
"apiKey=" + apiKey // so on, building up the query
return IOUtils.toString(new URL(url).openStream());
}
If I were to type that address into a browser, the returned JSON string would be secured by the HTTPS connection (I believe this to be true). Does that same security hold up in my code above? If not, how would I go about doing that?
Yes. The line
is equivalent to
and the
openConnection()call returns an appropriate connection for the specified protocol.In this case, it will be an
HttpsURLConnection, which is coded to actually do HTTPS.