Securing web-API access

Tags: java, security, php

I have a simple web-API accessible over HTTP with some corresponding mobile apps reading that data. Now someone decompiled an app / sniffed the HTTP traffic, got the URL to my web API and built his own client acting like one of mine.

How can I secure the access to my API only for my own clients? Even with the thought of someone decompiling my app.

Server & client-side code change is an option!

whlk asked Jun 28 '26 21:06


1 Answer

Server & client-side code change is an option!

First, you can't prevent it completely (without legal action :). Use SSL/TLS, that will help with the sniffing possibility.

If the app is downloaded directly from your server (not through an app store/third party) you can secure it a bit more. When a user downloads the application make sure the user is authenticated, generate a key, include it in the application and use it in all further communication with that user. The hacker/thief can mimic that, but they'll need to go through their server to simulate a login and download of your application -- you can find and block that.

cristis answered Jun 30 '26 13:06
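A server-side sketch of the per-user key scheme described in the answer above, added here as an example and not code from the answer. The function names, the in-memory key store, the 300-second window and the choice of HMAC request signing (on top of TLS) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

KEYS = {}       # key_id -> {"user": str, "secret": bytes, "revoked": bool}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed value)


def issue_key(user):
    """Call only after the download request has been authenticated."""
    key_id = secrets.token_hex(8)
    secret = secrets.token_bytes(32)
    KEYS[key_id] = {"user": user, "secret": secret, "revoked": False}
    return key_id, secret  # both are embedded in this user's copy of the app


def sign(secret, method, path, body, ts):
    """Client side: MAC over the request, so the secret itself is never sent."""
    fields = [method, path, str(ts), hashlib.sha256(body).hexdigest()]
    return hmac.new(secret, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


def verify(key_id, method, path, body, ts, sig, now=None):
    """Server side: returns (accepted, user_or_reason)."""
    now = time.time() if now is None else now
    rec = KEYS.get(key_id)
    if rec is None:
        return False, "unknown key"
    if rec["revoked"]:
        return False, "revoked key"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign(rec["secret"], method, path, body, ts)
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, rec["user"]  # every request is attributable to one download


def revoke(key_id):
    """Block a key once its traffic has been traced to a cloned client."""
    KEYS[key_id]["revoked"] = True
```

Because each accepted request maps back to the account that downloaded that copy, a key extracted by decompiling shows up as one user's key_id used from many devices or at an abnormal rate, which is the signal to call revoke.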


