web services - Signing requests with API secret in an iOS application -


i have webservice, , ios client(application) 1 of projects.

my webservice exposes several rest endpoints. looking way make sure webservice processes requests come ios application only.

i understand impossible 100% sure requests coming ios application.

but there best practices can use make sure requests coming ios only.

here few things trying .

  • bundle api secret ios application (known ios , server)
  • sign requests secret , timestamps
  • recycle api secret every (or alternate) application release cycles.

i new of this, help/advice/constructive-criticism super helpful

best option: bundle api secret ios application (known ios , server).

you can send in custom http header , it's best if send encrypted well.


Comments

Post a Comment

Popular posts from this blog

javascript - Bootstrap Popover: iOS Safari strange behaviour -

i looking through twitter bootstrap documentation, , i'm interested in implementing dismissible popover when button clicked. here example bootstrap's docs: http://getbootstrap.com/javascript/#dismiss-on-next-click when press "dismissible popover" button os x safari browser works fine. when access same link above ios safari, button not work. is, popover not dismissed on click. why button not working ios safari? the example linked using data-trigger="focus" attribute. try changing data-trigger="click" . <a tabindex="0" class="btn btn-lg btn-danger" role="button" data-toggle="popover" data-trigger="click" title="dismissible popover" data-content="and here's amazing content. it's engaging. right?">dismissible popover</a>
Read more

spring cloud - How to configure SpringCloud Eureka instance to point to https on non standard port -

i using spring boot/cloud actuator, , annotate application class @enableeurekaclient, applications comes , registers correctly eureka server. however, because configure application run on https, , on port 8444, eureka instance not registered correct protocol, instead using http. example http://localhost:8761/eureka/apps/ gives me <homepageurl>http://localhost:8444/</homepageurl> <statuspageurl>http://localhost:8444/info</statuspageurl> <healthcheckurl>http://localhost:8444/health</healthcheckurl> there no such thing securehomepageurl or securestatuspageurl - securehealthcheckurl exists. check com.netflix.appinfo.eurekainstanceconfig properties transmitted server when eureka client registers. however, having home/status/health page urls not showing https protocol doesn't mean instance isn't registered. matters whether or not secure port enabled. check following properties in client configuration: eureka.instance.se...
Read more

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more