I have several PHP scripts which connect to my SQL server and retrieve some data. I call these PHP scripts from an Android application. Now the issue is that I do not want the output of the scripts to be publicly seen when someone goes to that site on their computer (since they hold information about who has my application installed and other data). The only reason I have these scripts is for the internal logic of my application. I was wondering, is there any easy way to keep my scripts accessible from the Android phone and at the same time not display their output when I connect to it using a browser from my computer? If not, what other options do I have?
Having a single secret code as suggested is extremely insecure. Just pass the messages sent through a proxy and catch it and you have the code. What you are facing are basically the same issues that a creator of any publicly available API is facing.
Your best bet would be to have a unique API key for every installation that is used to sign all requests and responses. This does not HAVE to include a user manually putting it into the application. It could be that the first time the application communicates the server provides it with a key and maps that key to that device/installation.
Google for "Authentication for REST API in PHP" or something similar and you will most likely find something pointing you in the right direction.
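The per-installation key scheme described in the answer above, sketched in PHP as an added example (not code from the original post). The function names, the `/api/data.php` path, the 300-second replay window and the in-memory `$keys` array (standing in for a database table) are all assumptions made for illustration.

```php
<?php
// Added example: per-installation keys with HMAC-signed requests.
// $keys stands in for a database table mapping installation id => secret.

function issue_key(array &$keys): array {
    $id = bin2hex(random_bytes(8));       // public installation id, sent with every request
    $secret = bin2hex(random_bytes(32));  // handed to the app once, on first contact
    $keys[$id] = $secret;
    return [$id, $secret];
}

// The signed string covers method, path, timestamp and a hash of the body,
// so changing any of them invalidates the signature.
function sign_request(string $secret, string $method, string $path, int $ts, string $body): string {
    $msg = implode("\n", [strtoupper($method), $path, (string)$ts, hash('sha256', $body)]);
    return hash_hmac('sha256', $msg, $secret);
}

function verify_request(array $keys, string $id, string $method, string $path,
                        int $ts, string $body, string $sig, int $now, int $maxSkew = 300): bool {
    if (!isset($keys[$id])) {
        return false;                     // unknown installation
    }
    if (abs($now - $ts) > $maxSkew) {
        return false;                     // stale timestamp: limits replay of a captured request
    }
    $expected = sign_request($keys[$id], $method, $path, $ts, $body);
    return hash_equals($expected, $sig);  // constant-time comparison
}

// Constructed demo: one installation, three requests.
$keys = [];
[$id, $secret] = issue_key($keys);
$now  = time();
$body = '{"action":"list"}';
$sig  = sign_request($secret, 'POST', '/api/data.php', $now, $body);

// 1. Request exactly as the app signed it.
var_dump(verify_request($keys, $id, 'POST', '/api/data.php', $now, $body, $sig, $now));
// 2. Same signature, body altered in transit.
var_dump(verify_request($keys, $id, 'POST', '/api/data.php', $now, '{"action":"all"}', $sig, $now));
// 3. Correctly signed request presented an hour after it was made.
$oldSig = sign_request($secret, 'POST', '/api/data.php', $now - 3600, $body);
var_dump(verify_request($keys, $id, 'POST', '/api/data.php', $now - 3600, $body, $oldSig, $now));
```

Unlike a single shared code, the secret itself is never sent after the first exchange, so a proxy that captures a later request sees only a signature tied to that one request. The first exchange that delivers the key still has to travel over HTTPS, or the same proxy can read it.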