 

Website API only for my Android client

I want to develop an Android app for my website. One way of doing it is to have an API for the site, and let the app use that API. However, I want this API to be used ONLY by my Android app; I don't want any other client to be using this API.

Is there a way to ensure this?

I can think of one way of doing it: put a secret in the app and let the app always pass this secret to the API. But I am not sure how secure this approach would be, because any packet sniffer can easily sniff the parameters and hence the secret. Any other suggestions?

Bajji asked Jun 19 '26 14:06


1 Answer

I think this is something similar to a question I answered a few days ago: "Securing a REST API from Android".

Namely, find a way to authenticate all of your requests using a shared secret.

If you sign both the path and params with a secret, then there should be no way for someone to forge requests.

Matthew Rudy answered Jun 22 '26 03:06
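
An added example (not part of the original answer) of signing the path and params with a shared secret as the answer suggests, here with HMAC-SHA256 so the secret itself is never sent. The secret value, the `ts` and `sig` parameter names, the 5-minute freshness window and the `/api/orders` path are assumptions made for illustration; the timestamp check goes beyond what the answer describes.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

# Constructed sample secret; a real one would be random and provisioned out of band.
SHARED_SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300  # assumption: accept requests at most 5 minutes old


def canonical_request(method, path, params):
    """Build one unambiguous string from method, path and sorted params."""
    pairs = sorted((str(k), str(v)) for k, v in params.items())
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in pairs)
    return f"{method.upper()}\n{path}\n{query}"


def sign_request(secret, method, path, params, now=None):
    """Client side: add a timestamp, then sign path and params with HMAC-SHA256."""
    signed = dict(params)
    signed["ts"] = str(int(time.time() if now is None else now))
    message = canonical_request(method, path, signed).encode()
    signed["sig"] = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return signed


def verify_request(secret, method, path, params, now=None):
    """Server side: recompute the signature and reject stale or altered requests."""
    received = dict(params)
    sig = received.pop("sig", None)
    ts = str(received.get("ts", ""))
    if not isinstance(sig, str) or not ts.isdigit():
        return False
    current = time.time() if now is None else now
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return False
    message = canonical_request(method, path, received).encode()
    expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sig.encode())


if __name__ == "__main__":
    sent = sign_request(SHARED_SECRET, "GET", "/api/orders", {"user": "42", "page": "1"})
    print(verify_request(SHARED_SECRET, "GET", "/api/orders", sent))  # unmodified request
    tampered = dict(sent, user="43")
    print(verify_request(SHARED_SECRET, "GET", "/api/orders", tampered))  # altered param
```

Because only the signature travels over the network, a packet sniffer sees the parameters but not the secret, which addresses the concern in the question. It does not protect a secret that can be read out of the installed app package.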