-3

I am writing a mobile app, and its corresponding RESTful API in NodeJS. Is it possible to make my RESTful API only usable from my app?

I have done some research, and found posts like this. But it is kinda irrelevant to my needs.

Community
onemach
  • 3
    I think you should write down your needs, because the answer you linked is covering the topic very well. – Igor Milla Mar 16 '16 at 12:21
  • Possible duplicate of [Protect API URL access via hash in Android app](http://stackoverflow.com/questions/7707311/protect-api-url-access-via-hash-in-android-app) – Artjom B. Mar 16 '16 at 19:07

1 Answer

0

I think the simplest thing will be to hardcode a secret key in your application and send it with each request. Also use SSL to protect this key. The only way to get it then will be reverse engineering of your app.

You can also use bearer tokens, something like OAuth and OAuth2.

Sergey Yarotskiy
  • If the app binary is unencrypted, obtaining the API key is fairly easy by just examining the file. Note: on iOS the app binary is encrypted under Apple's key, so the file cannot be examined. – zaph Mar 16 '16 at 13:33
  • When using "ssl" (https) it is also necessary to "pin" the server certificate in order to eliminate MITM attacks. – zaph Mar 16 '16 at 15:52
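
As an added example (not code from the original posts), this is a Node.js server-side check for the shared key the answer describes: the key is compared in constant time and refused on connections that are not TLS. The header name `x-app-key`, the key values, and the list of accepted keys (so that a key recovered from the app binary can be rotated out) are assumptions made for the example.

```javascript
// Added example: verify a shared app key sent with each request.
const crypto = require('node:crypto');

// Assumptions: the header name and both key values are constructed for this
// example. In a deployment the keys come from configuration, not source.
const APP_KEY_HEADER = 'x-app-key';
const DEMO_KEYS = ['constructed-key-current', 'constructed-key-previous'];

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Compare fixed-length digests so timingSafeEqual never throws on a length
// mismatch and the comparison time does not depend on the presented value.
function keyMatches(presented, acceptedKeys) {
  if (typeof presented !== 'string') return false;
  const p = sha256(presented);
  let ok = false;
  for (const key of acceptedKeys) {
    // No early exit: every accepted key is compared on every request.
    if (crypto.timingSafeEqual(p, sha256(key))) ok = true;
  }
  return ok;
}

// Return the HTTP status for a request based on its transport and headers.
function authorize(req, acceptedKeys) {
  // socket.encrypted is set only on TLS connections served by this process;
  // behind a TLS-terminating proxy this check has to move to the proxy.
  if (!req.socket || !req.socket.encrypted) return 403;
  return keyMatches(req.headers[APP_KEY_HEADER], acceptedKeys) ? 200 : 401;
}

// Request handler usable with https.createServer(tlsOptions, handler).
function handler(req, res) {
  const status = authorize(req, DEMO_KEYS);
  res.writeHead(status, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ ok: status === 200 }));
}
```

Removing a key from the accepted list invalidates every app build that still ships it, which is the only remedy once a hardcoded key has been extracted.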