Android to secure PHP API
I have an API written in PHP that works by receiving HTTP POST requests, then the API processes the request and outputs some XML.
I have an Android app that communicates successfully with this API.
My question is, how can I make it secure? I have been looking into using OAuth, but for PHP it uses a library that is not available to me. Plus, since the API is not public and only used for external applications I build, this seems a bit overkill.
What other suggestions would you recommend? I was looking at sending an API key / signature along with a POST request.
Many thanks.
source to share
This should be done the same way you make javascript-safe calls. You are using sessions. You should be able to send and receive headers, why not accept cookie-like data? No less session_id
. Securing SSL with open Wi-Fi hotspots will also be very helpful if you are using symmetric authentication.
OAuth has a different purpose - this is when your website starts hosting third-party apps that users want to use without providing that custom app password.
source to share