I want to create a backend for my android app with Tapestry5 and this http://code.google.com/p/t5-restful-webservices/ plugin.
The app will communicate with the server by calling REST methods, both for registered users (that would be easy to secure, I guess) and for unregistered users.
Now of course I don’t want people to just call that webservice from a browser.
How can I make sure that only my app can make calls to this backend?
I can think of 2 approaches:
Use SSL to secure the connection. SSL can do a handshake checking the credentials.
To authenticate the user you can use a certificate or a PSK.
Or you can simply create a hash (SHA or MD5) of your data and include a key. This is called HMAC. A reverse engineer may get the key because you have to hardcode it in your code.
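To make the HMAC approach concrete, here is an added example of my own (not code from the question or from the t5-restful-webservices plugin). It assumes HmacSHA256 over a canonical string of method, path, timestamp and body, a hex-encoded tag, a constructed demo key, and a five-minute timestamp window on the server to limit replay; the key still sits in the app binary, so it only stops casual callers, not a determined reverse engineer.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class RequestSigner {
    // Constructed demo key. In a real app this is compiled into the APK, so assume
    // it can be recovered and plan to rotate it; it is not a substitute for user auth.
    private static final byte[] KEY = "demo-shared-secret".getBytes(StandardCharsets.UTF_8);
    private static final long MAX_SKEW_MILLIS = 5 * 60 * 1000L; // assumed replay window

    // Everything the server acts on goes into the signed string, so none of it
    // can be changed independently of the tag.
    static String canonical(String method, String path, long ts, String body) {
        return method + "\n" + path + "\n" + ts + "\n" + body;
    }

    // Client side: compute the tag the app sends along with the request.
    static String sign(String method, String path, long ts, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal(canonical(method, path, ts, body).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : tag) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Server side: reject stale timestamps, recompute the tag and compare in
    // constant time so a byte-by-byte timing difference does not leak the result.
    static boolean verify(String method, String path, long ts, String body,
                          String sigHex, long now) throws Exception {
        if (Math.abs(now - ts) > MAX_SKEW_MILLIS) return false;
        byte[] expected = sign(method, path, ts, body).getBytes(StandardCharsets.UTF_8);
        byte[] presented = sigHex.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String body = "{\"query\":\"pizza\"}"; // constructed sample request body
        String sig = sign("POST", "/rest/search", now, body);
        System.out.println("valid:    " + verify("POST", "/rest/search", now, body, sig, now));
        System.out.println("tampered: " + verify("POST", "/rest/search", now, "{\"query\":\"x\"}", sig, now));
        System.out.println("replayed: " + verify("POST", "/rest/search", now, body, sig, now + 10 * 60 * 1000L));
    }
}
```

Run it with SSL on top as the answer suggests, since the HMAC only binds the request to a key; it does not hide the data in transit.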