How to secure an API?

M

Muhammad2015-01-23 01:27:36

API

Muhammad, 2015-01-23 01:27:36

Hello. There is an application for android and an API for it. Everything seems to be ok, but what if I want to prevent other applications from using this API? At the moment, if you peek at the requests coming from the application, then other applications will be able to use it. Is there any way to protect against this?
UPD: Found another solution: bit.ly/1t8F1N6

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry Entelis, 2015-01-23
@muhammad_97

1) https
2) add some hash from the time & request data & secret key wired into the application to all requests

D

Damir Makhmutov, 2015-01-23
@doodoo

Add Authorization eg. Or just a secret key that is only known to the app and api. But in this case, all requests are sent via https.

P

panaceya, 2015-01-23
@panaceya

HTTPS and its verification of the certificate in the application, this will save you from spoofing the certificate and sniff (to score and check the fingerprint of the certificate in the application), encrypting the transmitted content itself with a secret key stored in the software and the key that the owner of this device enters.