I have an iPhone app written in Swift, and I hard-coded an API code, and I make an HTTP request to my server with that API code. Recently I discovered the API code has been stolen and used by another app. Is there a way to protect the API code? I think he decompiled my code or something.

Julia

1 Answer

It’s impossible to hide secrets in a client app, therefore you should not do that.

There are other techniques for protecting your API from misuse. That could be by introducing rate limiting or user-agent checks, to name two of them.

user1415066
  • But the API code is the same for all users, what does the user-agent check do? – Julia Jul 14 '20 at 18:39
  • If your API gets misused by someone else that's embedding it into a website, the user-agent check forces the owner of that website to place the call to your API on the server side. That means every request will come from a few IP addresses, which means they will likely hit the rate limiting quickly. – user1415066 Jul 14 '20 at 18:42
  • But the problem is that I'm using that hard-coded API code myself in my app. Right now, the other guy copied my API code and calls my server in his app. The only way for me is to republish my app with a new API, but then he can recompile my app and see the source code again to get the new API. – Julia Jul 14 '20 at 18:54
  • Yes, as I said, there is no way of making this 100% secure. You can try to obfuscate the code, which would make it harder for the other person to copy your code/secrets. Just curious, what is the app doing? – user1415066 Jul 15 '20 at 08:37
  • The app is getting data from my server. I had a hidden file on my server that is not available to the public. The only time I use that file is within the app that I hardcoded. I had something like get_data.php?pas=asdkfj8asdl32, which I thought was pretty secure. However, recently, I found out another app is using my service; every time I made a change to my data, it's reflected on their app. – Julia Jul 15 '20 at 12:37
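
The two measures named in the answer (a user-agent check combined with per-IP rate limiting), sketched in Python as an added example that is not part of the original answer or comments and is not the asker's PHP backend. The `MyApp/` user-agent prefix, the budget of 5 requests per 60 seconds, and the sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque

APP_UA_PREFIX = "MyApp/"   # assumed User-Agent prefix of the genuine app (hypothetical)
MAX_REQUESTS = 5           # assumed per-IP budget inside one window
WINDOW_SECONDS = 60

class Gate:
    """User-agent check followed by a sliding-window rate limit per client IP."""
    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self.hits = defaultdict(deque)  # ip -> timestamps of accepted requests

    def check(self, ip, user_agent, now):
        """Return the HTTP status the server would answer with."""
        # The header is spoofable by any client that controls its own headers,
        # so this only filters callers that do not (or cannot) set it.
        if not user_agent.startswith(APP_UA_PREFIX):
            return 403
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                 # drop hits that left the window
        if len(q) >= self.max_requests:
            return 429                  # budget for this IP is used up
        q.append(now)
        return 200

def replay(requests, gate=None):
    """Run (ip, user_agent, timestamp) tuples through the gate; tally statuses per IP."""
    gate = gate or Gate()
    tally = defaultdict(lambda: defaultdict(int))
    for ip, ua, ts in requests:
        tally[ip][gate.check(ip, ua, ts)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

def sample_requests():
    """Constructed traffic; all addresses are from documentation IP ranges."""
    reqs = []
    for u in range(20):                 # 20 genuine users, one IP each, 2 calls
        ip = f"198.51.100.{u + 1}"
        reqs += [(ip, "MyApp/1.0 iOS", u), (ip, "MyApp/1.0 iOS", u + 30)]
    reqs.append(("203.0.113.7", "Mozilla/5.0", 5))  # call with a browser UA
    # A backend relaying 40 calls with a copied UA: all from a single IP.
    reqs += [("192.0.2.10", "MyApp/1.0 iOS", t) for t in range(40)]
    return sorted(reqs, key=lambda r: r[2])

if __name__ == "__main__":
    for ip, counts in sorted(replay(sample_requests()).items()):
        print(ip, counts)
```

The relaying backend passes the user-agent check but is throttled after its fifth call, while genuine users spread over many addresses stay under the budget. The copied key itself still works, as the answer notes.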