D
D
decenter2015-07-28 16:03:28
PHP
decenter, 2015-07-28 16:03:28

How to make authorization for the server with API?

Good afternoon! There is one project in which a large database is formed on the basis of which the corresponding catalog for the site is formed. One good friend suggested making a similar application for ANDROID / IOS based on the site's API. The essence of the interaction of the android application with the server is something like this:
1) the application sends a POST request with input parameters to the server.
2) this request is processed by means of PHP and forms the corresponding response in JSON format.
3) the android application processes this request and generates content for the user based on it.
Since the size of the database has already exceeded 15 GB, the question arises of controlling the use of this api only by the designated android application. What is the best way to organize access control (authorization) for the interaction described above?
I would be grateful for links to the manual, or HOW TO.
Server source data UBUNTU/debian APACHE 2.2 Postgresql, php 5.4

Answer the question

In order to leave comments, you need to log in

2 answer(s)
D
Dmitry Entelis, 2015-07-28
@decenter

For example, calculate a hash with a salt according to the data of each request.
It is quite good to consider salt dynamically from time for example.
And all this over https is mandatory.
If they want to open it, they will open it, but with hemorrhoids.

A
Alex, 2015-07-28
@Kozack

Alternatively - oauth.net/2

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question