
I have an API in Node.js that I use as the source of a mobile app. Is there some way to keep the data available only to my app and not for other apps?

Thanks!

Cristiano Sarmento
  • Yes, to a degree - you can use some sort of cryptographic authentication scheme, though a determined attacker will hunt through your .apk until they extract the keys. – Chris Stratton Feb 26 '14 at 20:23
  • What about some sort of user auth scheme? I suppose a user could take their creds and use them to connect from another app... but they would already have been authorized to use your API anyways. – Ray Stantz Feb 26 '14 at 21:07

1 Answer


Take a look at this. See if you can use the user agent to restrict the access to your app only.

Of course, it is easy for someone to modify the user agent and make a request. If you are concerned about this, you might need a better form of authentication.

palanik
  • Certainly user agent by itself is problematic, but it may be part of a solution. As a first check, you could throw out anything that doesn't match your supported devices, then take a closer look at the traffic that does. – Ray Stantz Feb 26 '14 at 21:14
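
An added example, not part of the original question, answer or comments: a Node.js sketch that combines the User-Agent first check with an HMAC request signature, timestamp window and nonce replay cache. The key, the `MyApp/` prefix and the `x-timestamp`, `x-nonce` and `x-signature` header names are constructed assumptions, and a key shipped inside the app can still be extracted from the .apk, so this raises the bar rather than proving the caller is the app.

```javascript
const crypto = require('crypto');

// Constructed demo values (assumptions, not from the original post).
const APP_KEY = Buffer.from('demo-key-shipped-inside-the-app');
const UA_PREFIX = 'MyApp/';         // hypothetical User-Agent prefix
const MAX_SKEW_MS = 5 * 60 * 1000;  // timestamps accepted within 5 minutes
const seenNonces = new Map();       // nonce -> expiry time (replay cache)

// HMAC-SHA256 over method, path, timestamp, nonce and a hash of the body.
function sign(key, method, path, ts, nonce, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  const msg = [method.toUpperCase(), path, ts, nonce, bodyHash].join('\n');
  return crypto.createHmac('sha256', key).update(msg).digest('hex');
}

// What the app side would attach to each request.
function clientHeaders(method, path, body, now = Date.now()) {
  const ts = String(now);
  const nonce = crypto.randomBytes(16).toString('hex');
  return {
    'user-agent': UA_PREFIX + '1.0',
    'x-timestamp': ts,
    'x-nonce': nonce,
    'x-signature': sign(APP_KEY, method, path, ts, nonce, body),
  };
}

// Server side: req is { method, path, headers, body }; returns { ok, reason }.
function verifyRequest(req, now = Date.now()) {
  const h = req.headers || {};
  // Cheap first check only: a User-Agent is trivially spoofed.
  if (!String(h['user-agent'] || '').startsWith(UA_PREFIX)) return { ok: false, reason: 'user-agent' };
  const ts = Number(h['x-timestamp']);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) return { ok: false, reason: 'timestamp' };
  const nonce = String(h['x-nonce'] || '');
  const want = Buffer.from(sign(APP_KEY, req.method, req.path, h['x-timestamp'], nonce, req.body || ''), 'hex');
  const got = Buffer.from(String(h['x-signature'] || ''), 'hex');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return { ok: false, reason: 'signature' };
  // Replay check runs after the signature check so junk cannot fill the cache.
  for (const [n, exp] of seenNonces) if (exp < now) seenNonces.delete(n);
  if (seenNonces.has(nonce)) return { ok: false, reason: 'replay' };
  seenNonces.set(nonce, ts + MAX_SKEW_MS);
  return { ok: true, reason: 'ok' };
}
```

In an Express-style handler the signature must be computed over the raw request bytes, before any JSON parsing, or a re-serialized body will not match what the app signed.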