[英]Secure REST API in Spring Boot without login authentication
I am currently building an android app and a backend REST api. 我目前正在构建一个android应用程序和一个后端REST API。 The login is only uses fb and google login on the android part. 登录名仅在Android部分使用fb和google登录名。
The APIs are all accessed publicly. 所有的API都是公开访问的。 How should I secure my backend api so that only the android app can access it? 我应该如何保护我的后端api,以便只有android应用程序可以访问它?
Basic Auth and OAUTH is not even possible because it will require a hardcoded password on the android side. 甚至无法使用基本身份验证和OAUTH,因为它将需要在Android端使用硬编码的密码。
Thanks in advance for the help. 先谢谢您的帮助。
what about using mutual certificates? 使用共同证书怎么办?
https://www.nevatech.com/blog/post/What-you-need-to-know-about-securing-APIs-with-mutual-certificates https://www.nevatech.com/blog/post/What-you-need-to-know-about-securing-APIs-with-mutual-certificates
https://dzone.com/articles/securing-rest-apis-with-client-certificates https://dzone.com/articles/securing-rest-apis-with-client-certificates
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.