How can I prevent other iOS/Android apps from using my RESTful API?

天涯浪人 2021-02-09 07:19

I have a pre-existing iOS & Android app, that I'm making an update for that includes a RESTful services API and Facebook login for user authentication. The general flow of

3 Answers
  •  爱一瞬间的悲伤
    2021-02-09 07:50

    You can do this by including a signature in the request, and verifying it.

    App Side:

    1. do something like: signature = md5( md5(url + data) + MY_RANDOM_KEY)

    2. append signature to the data, or url, etc.

    3. send call to REST API (as usual)

    Server Side:

    1. extract the signature from the body/url (and remove it from there).

    2. calculate what you think it should be: signature_should_be = md5( md5(url + data) + MY_RANDOM_KEY) [keep in mind you've removed signature from url/data so that you get url/data in its original pre-hash state]

    3. verify that signature and signature_should_be are equal

    Doing this, along with SSL, should make your API secure enough.
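
The app-side and server-side steps from the answer above, as an added Python example (not code from the original post). `sign_request`, `verify_request`, the sample key and the sorted form-encoded canonicalization are assumptions; `hmac_signature` is a swapped-in HMAC-SHA256 alternative to the answer's nested MD5, and the comparison is constant-time.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed sample key; stands in for the answer's MY_RANDOM_KEY.
MY_RANDOM_KEY = b"constructed-demo-key-not-a-real-secret"


def md5_signature(url, data, key=MY_RANDOM_KEY):
    """The answer's formula: md5(md5(url + data) + MY_RANDOM_KEY), as hex."""
    inner = hashlib.md5((url + data).encode()).hexdigest()
    return hashlib.md5(inner.encode() + key).hexdigest()


def hmac_signature(url, data, key=MY_RANDOM_KEY):
    """Swapped-in alternative (not in the answer): HMAC-SHA256 of url and data."""
    msg = url.encode() + b"\n" + data.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(url, params, sign=md5_signature):
    """App side, steps 1-2: compute the signature and append it to the data."""
    data = urlencode(sorted(params.items()))  # assumed canonical form
    return url, data + "&signature=" + sign(url, data)


def verify_request(url, body, sign=md5_signature):
    """Server side, steps 1-3: strip the signature, recompute, compare."""
    pairs = parse_qsl(body, keep_blank_values=True)
    received = [v for k, v in pairs if k == "signature"]
    if len(received) != 1:
        return False  # missing or duplicated signature field
    # Rebuild the data exactly as the app built it before signing.
    data = urlencode(sorted((k, v) for k, v in pairs if k != "signature"))
    expected = sign(url, data)
    # compare_digest does not leak the first mismatching position via timing.
    return hmac.compare_digest(received[0].encode(), expected.encode())
```

Both sides must serialize `data` identically or valid requests fail verification. A key shipped inside an app binary can be read by anyone who holds the binary, so this check raises the cost of imitating the app rather than proving the caller is the app.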
