The problem
I am developing the back-end for an iOS app. One of the endpoints allows the app to insert data into the database, e.g. register-user.php.
The app calls the API with certain parameters (e.g. username and password), the server performs certain operations (e.g. salt and hash the password) and then stores everything in the database.
The question
How can I make sure only the app can actually call the API and insert data into the database?
I looked into SSL certificates and OAuth2 but they don't seem to apply here (unless I profoundly misunderstood them).
Pass some token or auth/pwd to the API. Not the user's password, another pass that you keep on your app. Also HTTPS is needed to avoid sniffing.
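A server-side sketch of the check this comment describes, as an added example that is not part of the original thread: the top of register-user.php refuses requests that are not over HTTPS or that lack the app's token. The header name `X-App-Token` and the environment variable `APP_API_TOKEN` are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the app sends its token in an "X-App-Token" header,
// which PHP exposes as $_SERVER['HTTP_X_APP_TOKEN'].
const APP_TOKEN_KEY = 'HTTP_X_APP_TOKEN';

function isHttps(array $server): bool
{
    return !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
}

// Returns null when the request may proceed, otherwise [status, message].
function checkAppRequest(array $server, string $expectedToken): ?array
{
    if (!isHttps($server)) {
        return [403, 'HTTPS required'];
    }
    if ($expectedToken === '') {
        // Fail closed: a missing server-side secret must not match an empty header.
        return [500, 'server token not configured'];
    }
    $presented = $server[APP_TOKEN_KEY] ?? '';
    // hash_equals() compares in constant time, so response timing
    // does not reveal how many leading characters were correct.
    if (!is_string($presented) || !hash_equals($expectedToken, $presented)) {
        return [401, 'invalid app token'];
    }
    return null;
}

if (PHP_SAPI !== 'cli') {
    // Assumption: the secret lives in the APP_API_TOKEN environment variable,
    // not in the source tree. getenv() returns false when unset, cast to ''.
    $denied = checkAppRequest($_SERVER, (string) getenv('APP_API_TOKEN'));
    if ($denied !== null) {
        http_response_code($denied[0]);
        header('Content-Type: application/json');
        echo json_encode(['error' => $denied[1]]);
        exit;
    }
    // The existing registration logic (salt and hash the password,
    // insert the row) continues from here.
}
```

A token shipped inside the app binary can be extracted from it, so this check filters casual callers rather than proving the request came from the app.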
Is this a test question? You're the second person to ask the same, and both of you seem to dislike TLS/SSL for some unknown reason.