How to authenticate http requests from an iOS app?
Question
I have an iOS app that communicates over https with a server.
Is it possible to authenticate the app, so that the server will only respond to requests from that app? In other words, it won't respond to http requests from a browser/curl/another app/etc?
I'm not interested in authenticating the user- just being sure that only my app can communicate with the server.
What I've considered:
-Shared secret on server and app. But anyone can look inside the app bundle to extract the secret.
-Using push notifications. App contacts server, and tells server its push notification token. Server sends a push notification which reaches app. Nothing else can receive the notification, so embed a shared secret in it, which the app can use from then on. But push notifications can be delivered late, or not at all. And many users don't want to enable them.
Obviously Apple authenticates devices so it knows where to send push notifications. But is there any way of hooking into this?
1 answers
solution1
1 2012-03-30 23:39:40
Have you thought about using MAC address of your ios device? I use this in an app that logs on a server that needs to identify a device as a terminal and uses that to create a session for that terminal.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.