stackoom
  简体   繁体   中英

Verifying/signing that a request to my API came from my app and was not spoofed (React Native)

 原文  2019-11-04 08:15:08       android/ ios/ react-native/ security/ geolocation

Question

Is it possible to verify that an API call to my server came from my app and was not spoofed with another HTTP request client or similar? I'm using React Native with Node on the back-end, and am using a JWT system for authentication.

Context: certain features are only unlocked for users that the app has detected are at a certain location. The only system I can think of for unlocking these is pretty weak - the front-end sends a request to the server with the user's location, and if the location fits then the features are unlocked. Obviously this request can be spoofed easily, unless I can sign them in a certain way that is unique to the app and is difficult to reverse-engineer.

Any other approaches would be appreciated (eg detect the user's location from the IP address that the request was sent from?)

1 answers

solution1
 -1  2019-11-04 09:22:20

you can use Signing certificates of your organisation.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question why https request is not working in my react-native app? Verifying that message came from a specific app/end point React Native app doesn't response my local .net api React native my app wont show any results from API GET call How to open another app from my android React Native app? i have propblem for getting apk from my app in react native How can I open my React Native App from the browser? So I am currently trying to upload an app to PlayStore but I need to upgrade my react native project from api lvl 28 to 29 Check if a request came from android App in rails How identfy http post API request is from my app?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM