
How to design a web api for mobile app usage?

We are building a mobile app, specifically an Android app, and it needs to connect to the server to get data. It is not like Twitter; we do not need to expose some kind of public APIs. We just need to keep it simple and safe because users will exchange some private data with the server.

My question is mainly about authentication. Our server will have a user database.

  1. How to register and log in from my mobile app? What kind of mechanism should be implemented on the server side and the client side?
  2. How to keep the session after login?
  3. If I need to let the user log in without entering his username/password the next time he opens the app, what should I do? I just think storing his password in the mobile client is not a good idea.
virsir asked Sep 17 '10 04:09



2 Answers

Quick brain dump:

  1. Generate yourself a quick API Key (like a GUID) and communicate with your service via HTTPS.
  2. Huh? How is this different than #3?
  3. Use a simple obfuscation method to store them to local storage for your android app.

If you like, store the username and load it across application sessions and prompt for a password every "session" of your app.

Nate answered Oct 06 '22 00:10


  1. What Nate suggested will do it.

  2. and 3. After a successful login your API could return a unique session ID (as many web apps do), which you can store in your application and submit to your API with every further request. This way, as long as the client keeps the session ID stored and it's not deleted on the server side, the user doesn't need to log in again.

Laimoncijus answered Oct 05 '22 23:10
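
The session-ID flow described in the second answer, sketched for the server side in Python as an added example (not code from either answerer): the app sends the password once over HTTPS, then stores and resends only the returned session ID. The `AuthService` class, its method names, the 30-day lifetime and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 30 * 24 * 3600  # assumed lifetime in seconds; the answer sets no expiry


def _hash_password(password, salt):
    # Salted, slow hash so a leaked user table does not reveal passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class AuthService:  # hypothetical name, in-memory storage for the example
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # sha256(session ID) -> (username, expiry time)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def login(self, username, password):
        """Return a fresh session ID on success, None on failure."""
        # Unknown users still go through the hash so timing stays similar
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash_password(password, salt), stored):
            return None
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        key = hashlib.sha256(session_id.encode()).hexdigest()
        self.sessions[key] = (username, time.time() + SESSION_TTL)
        return session_id  # the raw ID exists only on the client

    def authenticate(self, session_id, now=None):
        """Map the session ID sent with a request to a username, or None."""
        key = hashlib.sha256(session_id.encode()).hexdigest()
        entry = self.sessions.get(key)
        if entry is None:
            return None
        username, expiry = entry
        if (time.time() if now is None else now) >= expiry:
            del self.sessions[key]  # expired: force a new login
            return None
        return username

    def logout(self, session_id):
        # Deleting the server-side record ends the session for that device
        self.sessions.pop(hashlib.sha256(session_id.encode()).hexdigest(), None)
```

Because only a hash of the session ID is kept on the server, a copy of the session table cannot be replayed as valid IDs, and the password never needs to be stored on the phone.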