I am newbie to android development. I am using android studio
for developing an application. Things i have done
DB
with two tables in it in MySQL
.api's
for both GET
and POST
methods.api's
What i have achieved for now
GET
data form the GET api
.POST
data using the POST api
What i have to do now
I want my api to publish online, i.e. I want to deploy my services into a server and access them. At this point i am able to deploy the services on the server and accessed them.
Now i want my services(api's
) to be secured. For that i have searched many articles and found two ways.
yii
framework. Someone told me to use it because it automatically secured the api's
. But i don't know for sure whether it do or not.api's
As for point 1
the framework will be helpful but it's new to me and it will take time to coop with it as i am already created the web services.
For point 2
i got some information
Both links seems to be good but link 1
doesn't gives me much info on that.
Obviously i want to secure my both api's
Now the code part
GET_DATA.php
require_once ('config.php'); $sql = "SELECT * FROM users"; $r = mysqli_query($con,$sql); $result = array(); while($row = mysqli_fetch_array($r)){ array_push($result,array( 'Id'=>$row['Id'], 'Name'=>$row['Name'] ));}
echo json_encode(array('users'=>$result));
POST_DATA.php
require_once ('config.php'); $return_arr = array(); $UserId=($_POST['UserId']); $Latitude=($_POST['Latitude']); $Longitude=($_POST['Longitude']); $DateTime=($_POST['DateTime']); $user_register_sql1 = "INSERT INTO `activity`(`Id`,`UserId`, `Latitude`,`Longitude`,`DateTime`) values (NULL,'".$UserId."','".$Latitude."','".$Longitude."','".$DateTime."')"; mysqli_query ($con,$user_register_sql1); $row_array['errorcode1'] = 1;
I have a user class
from which i am getting username
and ID
JSONfunctions.java
This class is responsible for getting data from the api
public static JSONObject getJSONfromURL(String url) { String json = ""; JSONObject jsonObject = null; try { HttpClient httpClientt = new DefaultHttpClient(); HttpGet httpGet = new HttpGet(url); HttpResponse httpResponse = httpClientt.execute(httpGet); BufferedReader br = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent())); StringBuffer sb = new StringBuffer(); String line = ""; while ((line = br.readLine()) != null) { sb.append(line); } json = sb.toString(); } catch (ClientProtocolException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } try { jsonObject = new JSONObject(json); } catch (JSONException e) { e.printStackTrace(); } return jsonObject; }
PutUtility.Java
This class is responsible for POST
method
public void setParam(String key, String value) { params.put(key, value); } public String postData(String Url) { StringBuilder sb = new StringBuilder(); for (String key : params.keySet()) { String value = null; value = params.get(key); if (sb.length() > 0) { sb.append("&"); } sb.append(key + "=" + value); } try { // Defined URL where to send data URL url = new URL(Url); URLConnection conn = null; conn = url.openConnection(); // Send POST data request httpConnection = (HttpURLConnection) conn; httpConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); httpConnection.setRequestMethod("POST"); httpConnection.setDoInput(true); httpConnection.setDoOutput(true); OutputStreamWriter wr = null; wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(sb.toString()); wr.flush(); BufferedReader in = new BufferedReader( new InputStreamReader(httpConnection.getInputStream())); String inputLine; response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); } catch (MalformedURLException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); }finally { try { reader.close(); } catch (IOException e) { e.printStackTrace(); } } return response.toString(); }
MainActivity.java
protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); _latitude = (TextView)findViewById(R.id.latitude); _longitude = (TextView)findViewById(R.id.longitude); btn_get_coordinates = (Button)findViewById(R.id.button); btn_save_data = (Button)findViewById(R.id.btn_save); btn_save_data.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View v) { if(UserId.toString()== "" || Latitude.toString() == "" || Longitude.toString() == "" || DateTime.toString() == "") { Toast.makeText(getApplicationContext(), "Data Not Saved !!!! Please select appropriate data to save", Toast.LENGTH_SHORT).show(); } new ServiceLogin().execute(UserId, Latitude, Longitude, DateTime); } }); // Download JSON file AsyncTask new DownloadJSON().execute(); } // Download JSON file AsyncTask private class DownloadJSON extends AsyncTask<Void, Void, Void> { @Override protected void onPreExecute() { super.onPreExecute(); progressDialog = new ProgressDialog(MainActivity.this); progressDialog.setMessage("Fetching Users....!"); progressDialog.setCancelable(false); progressDialog.show(); } @Override protected Void doInBackground(Void... params) { // Locate the Users Class users = new ArrayList<Users>(); // Create an array to populate the spinner userList = new ArrayList<String>(); // http://10.0.2.2:8000/MobileApp/index.php //http://10.0.2.2:8000/app/web/users/ //http://192.168.100.8:8000/app/web/users/ // JSON file URL address jsonObject = JSONfunctions.getJSONfromURL("http://192.168.100.9:8000/MobileApp/GET_DATA.php"); try { JSONObject jobj = new JSONObject(jsonObject.toString()); // Locate the NodeList name jsonArray = jobj.getJSONArray("users"); for(int i=0; i<jsonArray.length(); i++) { jsonObject = jsonArray.getJSONObject(i); Users user = new Users(); user.setId(jsonObject.optString("Id")); user.setName(jsonObject.optString("Name")); users.add(user); userList.add(jsonObject.optString("Name")); } } catch (JSONException e) { Log.e("Error", e.getMessage()); e.printStackTrace(); } return null; } @Override protected void onPostExecute(Void args) { // Locate the spinner in activity_main.xml Spinner spinner = (Spinner)findViewById(R.id.spinner); // Spinner adapter spinner.setAdapter(new ArrayAdapter<String>(MainActivity.this, android.R.layout.simple_spinner_dropdown_item, userList)); // Spinner on item click listener spinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() { @Override public void onItemSelected(AdapterView<?> parent, View view, int position, long id) { textViewResult = (TextView)findViewById(R.id.textView); // Set the text followed by the position textViewResult.setText("Hi " + users.get(position).getName() + " your ID is " + users.get(position).getId()); UserId = String.valueOf(users.get(position).getId()); progressDialog.dismiss(); _latitude.setText(""); _longitude.setText(""); Latitude = null; Longitude= null; } @Override public void onNothingSelected(AdapterView<?> parent) { textViewResult.setText(""); } }); } }
As i am newbie, so i don't know what to do in php
script and what to do in my android code :(. It would be very helpful if anyone can guide me or give me a tutorial that i follow.
Any help would be highly appreciated.
You might not hear or not that you can use PHP for your Android App Development. We can use PHP as the back-end for our Android Applications, and trust me they work flawlessly with each other. Any Android app that needs account log-in and registration can efficiently utilize PHP on its back-end.
An Application Programming Interface, or API, defines the classes, methods, functions and variables that your application will need to call in order to carry out its desired task. In the case of PHP applications that need to communicate with databases the necessary APIs are usually exposed via PHP extensions.
To secure your APIs, you need a mechanism to detect that the request to the api is made from a trusted source. Many frameworks come with this feature by default.
However you can just use JSON Web Tokens (jwt) with PHP to add authorization to your api requests
Learn about token based authentication from this page.
Check out this simple tutorial on how to secure your PHP api endpoints with JWT.
If you need even more security you might want to add OAuth provider service to your API. check out this post on how to write OAuth provider in PHP
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With