Answer the question
In order to leave comments, you need to log in
How to protect api from interception?
There is an application on ios (objective-c) and a server part on laravel 5 (php).
How to implement api protection from interception through sniffers?
As far as I understand, you need to sign the request on the client and check it on the server.
I would be grateful for any links-tutorials on this topic.
Answer the question
In order to leave comments, you need to log in
To protect yourself from sniffers, just switch to HTTPS.
To restrict unofficial clients, the request can be signed. Usually, the request is unambiguously serialized in some way, hashed on the client with a known salt in advance, and passed this hash in the request. This salt is also known to the server and it repeats these actions, after which it compares the received one with the one sent by the client.
But this is all nonsense: if you have the desire and physical access to a jailbroken iPhone, the signature generation algorithm can be picked out of the application in a reasonable time.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question