
I am looking to create a 'secret key' for my iOS app to lock down my API so only people with the “key” have access.

It is my first app built using Swift and is pretty basic.

It currently connects to my database using a user's email and password.

All database connections are handled via JSON with the API sent in the URL.

I have been advised that to secure this would mean to lock down my API so only people with the “key” have access.

I have installed an SSL certificate through letsencrypt.org and now wish to create this secret key but I don't know where to start.

I have found various resources but they are either for Obj-C or Swift 2.1

Prior to this information above I was looking to implement OAuth2.0 or REST API but I was told neither of these are the right solution for what I need, and I was overcomplicating my issue.

I have been advised to create a 'secret key' for my iOS app to lock down my API so only people with the “key” have access.

I have been looking at this thread:

In iOS, how can I store a secret "key" that will allow me to communicate with my server?

and

https://github.com/rnapier/RNPinnedCertValidator

But the latter is Obj-C and the former does not give me enough information.

I have tried converting the Swift 2.1 code but I am unsure as to where I need to put the code. For now I have placed it in my App Delegate.

The errors can be seen in the image below - 2 are unidentified identities, 1x argument label does not match available overload, and 1x cannot invoke initialiser of type.

Screen Shot 2017-02-28 at 18.17.01.png

Thanks

RDowns
  • "the latter is Obj-C". So what? It's very, very, very easy to use existing Obj-C code in a Swift project. – Gruntcakes Feb 28 '17 at 17:44
  • Simply put? Down-voted. Not even close to a good question. (And your comment is so poor - "lamens"? - it provoked my down vote.) Please, learn some things. Like how to translate Obj-C and ask good questions (search on MCVE here on SO). –  Feb 28 '17 at 17:58
  • Okay. Let's be constructive. What have you tried? Why can't you translate any of the four Obj-C steps in the link you have? We don't do your work for you, we help by giving *specific* answers to *specific* questions. What is your *specific* issue? (And apologies, I guess it was *my* turn to be unprofessional. Still - "lamens"? :-)) –  Feb 28 '17 at 18:05
  • I have emailed the author of RNPinnedCertValidator who replied and said it had been translated to Swift here: https://linuskarlsson.se/blog/validating-server-certificates-signed-by-own-ca-in-swift/ However that is in Swift 2.1 - I have tried using this code and converting it in Xcode but there are too many remaining errors for me to make it usable – RDowns Feb 28 '17 at 18:08
  • So Obj-C and Swift 2.1 code means a degree of difficulty. I get that. The way SO works means the question remains - what is your *specific* issue? Please provide some code. I promise, I'll try to help. –  Feb 28 '17 at 18:10
  • My specific issue is that I need to 'lock down my API so only people with the “key” have access' and information can't be pulled from a web browser by simply posting a url such as "http://www.mydomain.co.uk/MyAoo/getLeagueStats.php?player_id=2&community_id=1" – RDowns Feb 28 '17 at 18:10
  • @dfd Thank you, I can't provide any code - as I actually don't have any. I have built my app- it is complete. But it has no security on it and I don't know where to start. As in the question I have looked into OAuth, REST API, and now been advised to use a secret key. – RDowns Feb 28 '17 at 18:11
  • Last comment because I don't want this to go to chat - you have code that works, albeit in Obj-C and Swift 2.1. If you are asking for a different third party API that's not a good question as it's considered off topic. But if you tried using Swift 2.1 code? We're starting to get to specifics anyways. What's your latest error? Remember, we won't do your work for you. (Said respectfully.) –  Feb 28 '17 at 18:13
  • I have updated the question. @Tushar I don't think I need anything that complicated. See my 7th comment. – RDowns Feb 28 '17 at 18:20

0 Answers