Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an iPhone application that uploads images directly to S3. Then it hits an endpoint on my web server and creates a new post with some metadata, along with the S3 URL for the uploaded image. All of this occurs over SSL, but what is stopping someone from reverse engineering the endpoint for creating posts and supplying a bogus URL?
No, it is not possible to really ensure that only your app can contact your server, but you can provide some kind of signature to your app, which is posted to your server via HTTPS before the real communication takes place.
Taking a look at API authentication in general is a good idea I think. This looks like a goot start: Principles for Standardized REST Authentication