
client-server REST APIs security

I have a Cordova client app and I want to restrict access to my REST APIs to only mobile Cordova clients, in order to prevent browsers and other not-allowed devices from accessing my APIs.

For the client side I should do something in JavaScript (the app runs with Cordova), but I cannot just set a static token in my code and make a $.ajax() call to the server, because users could copy that token, so I need a way to protect the token and the $.ajax() call.

How should I proceed?

Thanks

You could set the server to only reply to certain user-agents. It can be the default Cordova WebKit user-agent, or you could set a customized user-agent for your app in config.xml. Check out OverrideUserAgent in the Cordova documentation.

I would suggest you use the device plugin to acquire the platform of the device. I use it for my internal usage stats and it gives you strings like "Android", "iOS" and others at runtime, when the user opens the app. Share the string with your server and you can have what you ask for.
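The following is an added example, not code from the question or from either answer: a server-side gate that applies both suggested checks (the overridden User-Agent and the platform string from the device plugin) to a set of constructed requests and reports why each one is accepted or rejected. The User-Agent value `MyCordovaApp/1.0` and the `X-Device-Platform` header name are assumptions made for the illustration.

```javascript
// Added example. APP_USER_AGENT and the x-device-platform header are assumptions.
const APP_USER_AGENT = "MyCordovaApp/1.0";             // constructed value for OverrideUserAgent in config.xml
const ALLOWED_PLATFORMS = new Set(["Android", "iOS"]); // strings the device plugin reports

// Header names are case-insensitive; normalise so plain objects work too.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Returns { allowed, reason } so rejected requests can be logged with a cause.
function checkClient(headers) {
  const h = normaliseHeaders(headers);
  const ua = h["user-agent"];
  if (ua === undefined) return { allowed: false, reason: "missing user-agent" };
  if (ua !== APP_USER_AGENT) return { allowed: false, reason: "unexpected user-agent" };
  if (!ALLOWED_PLATFORMS.has(h["x-device-platform"])) {
    return { allowed: false, reason: "unexpected platform" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample requests.
const sampleRequests = [
  { name: "app on Android", headers: { "User-Agent": "MyCordovaApp/1.0", "X-Device-Platform": "Android" } },
  { name: "desktop browser", headers: { "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)" } },
  { name: "app UA, no platform", headers: { "User-Agent": "MyCordovaApp/1.0" } },
  // Not the app: a different HTTP client that sends the same two header values.
  { name: "other client, same headers", headers: { "user-agent": "MyCordovaApp/1.0", "x-device-platform": "iOS" } },
];

function evaluateSamples() {
  return sampleRequests.map((r) => ({ name: r.name, ...checkClient(r.headers) }));
}

for (const r of evaluateSamples()) {
  console.log(`${r.name}: ${r.allowed ? "allowed" : "rejected"} (${r.reason})`);
}
```

The last sample is accepted because both values are supplied by the client, which is the same limitation the question raises for a static token: the gate filters out ordinary browsers but does not identify the app.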
