Android to secure PHP API

I have an API written in PHP that works by receiving HTTP POST requests, then the API processes the request and outputs some XML.

I have an Android app that communicates successfully with this API.

My question is, how can I make it secure? I have been looking into using OAuth, but for PHP it uses a library that is not available to me. Plus, since the API is not public and only used for external applications I build, this seems a bit overkill.

What other suggestions would you recommend? I was looking at sending an API key / signature along with a POST request.

Many thanks.

+3


source to share


1 answer


This should be done the same way you make javascript-safe calls. You are using sessions. You should be able to send and receive headers, why not accept cookie-like data? No less session_id

. Securing SSL with open Wi-Fi hotspots will also be very helpful if you are using symmetric authentication.



OAuth has a different purpose - this is when your website starts hosting third-party apps that users want to use without providing that custom app password.

0


source







All Articles