0

I am quite an experienced Xamarin developer but completely new to backend stuff. I have written an API which has some data, let's say weathers, which my Xamarin.Forms app will query. All the calls are GET calls so no issues with security but I'd like to restrict the API so that only my app is authorised to make those calls. This is to prevent some other wily developer building their own app that calls to my API for example.

I understand, having done some research, that the best way would be to have users log in to my app and then authenticate via Azure AD. However, this is pretty cumbersome for a lightweight app where security is not really an issue and no individual user data is passed.

Does anyone have a genius example of how this could be done? I found this article pretty useful but it didn't really give a solution. I accept that this is not the most secure method but really it's a risk/reward/effort thing and I'd just like to make it a bit more difficult than at the moment (I'm basically hosting a very nice public API!!).

Nimantha
  • You don't have to get users themselves to log in but you could make it so the app needs to be authorised and pass a secret key in order to authenticate itself – ADyson Sep 21 '19 at 22:17
  • Thanks @ADyson, I was thinking something like that. Are there some guidelines to creating a secret key? I've never done anything like it before. – varyamereon Sep 22 '19 at 13:09

1 Answer

-1

Where there is a will there is a way.

You can do some basic filtering that will stop some people, but if there is no authentication from data that's stored outside your application, then there is a way to mimic your application and use your API in a potentially unintended way.

This StackOverflow answer is a little bit more in depth, but echoes the same point.

Justine Krejcha
  • Thanks Justin, that's the same article I linked in my question. As mentioned I know it will not be perfect but it's a step forward from where I am now. – varyamereon Sep 22 '19 at 13:08
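
The app-held secret key suggested in the comments on the question can be used to sign each GET request instead of being sent as-is. The following is an added example, not code from anyone in this thread; `AppRequestAuth`, the header names and the sample path are assumptions. As the answer notes, a key shipped inside the app can be extracted and the app mimicked, so this raises the effort required rather than proving the caller is the app.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: AppRequestAuth and the header names below are hypothetical.
public static class AppRequestAuth
{
    const long MaxSkewSeconds = 300; // limits how long a captured request can be replayed

    // 32 bytes from the OS CSPRNG; generate once, keep it in server configuration.
    public static byte[] NewKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    // App side: send unixTime and this value as two headers,
    // e.g. X-App-Time and X-App-Signature (constructed names).
    public static string Sign(byte[] key, string method, string pathAndQuery, long unixTime)
    {
        var message = string.Join("\n", method, pathAndQuery,
                                  unixTime.ToString(CultureInfo.InvariantCulture));
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));
    }

    // API side: reject stale timestamps, recompute the MAC, compare in constant time.
    public static bool Verify(byte[] key, string method, string pathAndQuery,
                              long unixTime, string signature, DateTimeOffset now)
    {
        long delta = now.ToUnixTimeSeconds() - unixTime;
        if (delta > MaxSkewSeconds || delta < -MaxSkewSeconds) return false;
        byte[] presented;
        try { presented = Convert.FromBase64String(signature ?? ""); }
        catch (FormatException) { return false; } // malformed header value
        var expected = Convert.FromBase64String(Sign(key, method, pathAndQuery, unixTime));
        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }

    public static void Main()
    {
        var key = NewKey();
        var now = DateTimeOffset.UtcNow;
        long t = now.ToUnixTimeSeconds();
        string sig = Sign(key, "GET", "/weather?city=Oslo", t); // constructed request
        Console.WriteLine(Verify(key, "GET", "/weather?city=Oslo", t, sig, now)); // as signed
        Console.WriteLine(Verify(key, "GET", "/weather?city=Rome", t, sig, now)); // path altered
        Console.WriteLine(Verify(key, "GET", "/weather?city=Oslo", t - 3600, sig, now)); // stale
    }
}
```

Because the signature covers the method, path and timestamp, a captured header pair cannot be reused for a different query or after the skew window, which a static key sent in a header would not prevent.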