I am developing an online store Android standalone app (not in a WebView). I have a PHP engine on the server and have implemented a REST API. But the problem is security between the Android app and the server.
The secure requests should be: purchase item, view purchase history, cancel order.
My app will let the user enter a login and password to log into the app, checking the data's correctness against the server, and then the user will be able to send secure requests.
So the question is how to secure the connection, and how to implement this on the server and client side.
Please give advice on how to implement this and, importantly, what the best practice is for building a robust application.
I would be grateful for any help.
2 Answers
Generally with RESTful applications, you should leverage the `Authorization` header. There are several levels of security you can implement:
- Basic authentication. It simply corresponds to setting a base64-encoded string containing the identifier and password.
- Token-based authentication. It involves a token resource that provides tokens with expiration, which are used instead of the actual identifier / password for authentication.
This link provides more details about the way to use these mechanisms: https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/.
Hope it helps you, Thierry

Thierry Templier
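
The two mechanisms listed in the answer above, as an added PHP example that is not from the original answer or the linked article: the password travels once in a Basic header to a login step, which returns an HMAC-signed token with an expiry that the protected requests then present. The key, user store, function names and token format are assumptions made for this illustration, and the exchange is assumed to run over HTTPS, since base64 is an encoding and not encryption.

```php
<?php
declare(strict_types=1);
// Assumption: the signing key lives in server-side config only; this value is constructed.
const TOKEN_KEY = 'constructed-demo-key';
const TOKEN_TTL = 900; // token lifetime in seconds

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Basic scheme: "Basic base64(identifier:password)". Anyone who sees the header can decode it.
function parseBasic(string $header): ?array {
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/', $header, $m)) return null;
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) return null;
    [$user, $pass] = explode(':', $decoded, 2);
    return ['user' => $user, 'pass' => $pass];
}

// Token resource: a signed payload carrying the user and an expiry timestamp.
function issueToken(string $user, int $now): string {
    $payload = b64url(json_encode(['sub' => $user, 'exp' => $now + TOKEN_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, TOKEN_KEY, true));
}

// Login step: check the password against its stored hash, then hand out a token.
function login(string $header, array $users, int $now): ?string {
    $c = parseBasic($header);
    if ($c === null || !isset($users[$c['user']])) return null;
    return password_verify($c['pass'], $users[$c['user']]) ? issueToken($c['user'], $now) : null;
}

// Protected requests (purchase, history, cancel) send "Bearer <token>" instead of the password.
function verifyBearer(string $header, int $now): ?string {
    if (!preg_match('/^Bearer\s+([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/', $header, $m)) return null;
    $expected = b64url(hash_hmac('sha256', $m[1], TOKEN_KEY, true));
    if (!hash_equals($expected, $m[2])) return null; // constant-time signature check
    $claims = json_decode(base64_decode(strtr($m[1], '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now) return null; // reject expired tokens
    return $claims['sub'] ?? null;
}

// Constructed demo data: one user, a fixed clock value.
$users = ['alice' => password_hash('s3cret', PASSWORD_DEFAULT)];
$now   = 1700000000;
$token = login('Basic ' . base64_encode('alice:s3cret'), $users, $now);
var_dump(verifyBearer("Bearer $token", $now + 60));            // within the token lifetime
var_dump(verifyBearer("Bearer $token", $now + TOKEN_TTL + 1)); // past the expiry
var_dump(verifyBearer("Bearer {$token}x", $now + 60));         // signature altered
```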