从匿名调用中保护我的REST API
[英]Securing my REST API from anonymous calls
问题描述
I have made REST API for my Android Application. 
我已经为我的Android应用程序制作了REST API。 But I want to secure it from any anonymous access. 但是我想从任何匿名访问中保护它。 Only my Android app should be able to access it. 只有我的Android应用程序应该可以访问它。 How can I do it. 我该怎么做。 I thought of an API token which I will hash and send it to my REST Server with every request from my Android app. 我想到了一个API令牌,它将对来自Android应用程序的每个请求进行哈希处理并将其发送到REST Server。 But its not secure as network sniffers can easily find hashed token and can send it to my REST Server. 但是它并不安全,因为网络嗅探器可以轻松找到散列令牌并将其发送到我的REST Server。 Is there any full proof way from which I can secure my REST API 有什么完整的方法可以确保我的REST API安全
1 个解决方案
解决方案1
0 2013-03-16 13:59:21
As someone mentioned in the comment section, you can consider HTTPS. 正如评论部分中提到的那样,您可以考虑使用HTTPS。 If you host your webservice say for instace on IIS , you can have a two way secure line. 如果您在IIS上托管您的Web服务请求安装实例,则可以使用两种方式进行安全保护。 The application gets the public keys in a certificate, and the webserver demands a client certificate back. 应用程序获取证书中的公共密钥,并且Web服务器要求返回客户端证书。 An introduction to the topic: how to set up ssl on iis . 主题简介: 如何在iis上设置ssl 。 For the certificate generation I would highly recommend using OpenSSL . 对于证书生成,我强烈建议使用OpenSSL 。
On the other hand, you can take a look at Google's App Engine , I've looked through this tutorial , which seems nice. 另一方面,您可以看一下Google的App Engine ,我看过了本教程 ,看起来不错。
Good luck! 祝好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.