Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
fuck__all__humans2017-04-03 16:55:11
API
fuck__all__humans, 2017-04-03 16:55:11

How to make a private API?

I'm making a private API for a site, but I can't figure out how to properly implement its privacy. That is, how to make this API just for the application.
That is, how to make it so that only the application has access to this API. There is an idea - to use a password for the apishka, that is, send a POST request like site.com/api/password=123456
And on the server organize it like this

const PASSWORD = '123456';
$password = Yii::$app->get('password');
if ($password != PASSWORD) header('HTTP/1.0 403 Forbidden');

But I think that such a request is easy to track down with a sniffer or decompile the application. So, how do private APIs of this type usually do?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
Rsa97, 2017-04-03
@Rsa97

HTTPS or session setup using an asymmetric key, further encryption using the session key.
But if the application itself is opened, then nothing will help.

Similar questions
A
Artur Lastname2019-11-22 08:32:03
How to disable all OTHER handlers on a js/bitrix element? 3Reply
W
wwwx3m2019-12-17 10:57:16
Is set.has(value) possible under given conditions? 2Reply
F
FaTaLcheG2019-06-04 14:26:48
Google sheets API do I understand Authorization correctly? 1Reply
S
sharton2017-01-12 19:04:57
How to write CRM? 1Reply
I
Ivan Yakushenko2019-06-09 16:09:42
Why isn't more than one button created with pyTelegramBotAPI? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question