We have a simple API that we dont want the external world using, and only want our iPhone clients to use.
How can I authenticate the client for the API for a mobile device?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We have a simple API that we dont want the external world using, and only want our iPhone clients to use.
How can I authenticate the client for the API for a mobile device?
If you have an API that your client can access, you won’t be able to prevent a determined skilled person from also using your API (as the user can identify any secrets stored in the client).
If you just want to prevent casual use then a relatively simple way to authenticate a client would be to have a shared static secret that is stored in the client and use that with for example an HMAC based API authentication scheme.