Security in Web service api

3 points by hoangvukenshin ↗ HN
Hi everybody, Currently, I'm building a website service which provides API for the native app. And I'm considering some solution for security like base auth and token. Can you suggest some solution for it ? Thank you so much.

2 comments

[ 4.4 ms ] story [ 15.1 ms ] thread
Curious what you have considered already.
First, secure (SSL) and verify the certificate on the mobile app. Make sure no MITM can read your response/request.

For auth, my favorite auth is two fold

For API access => Signature based verification, signing each and every request using a known signature algorithm with the secret key (only known to you and the app developer).

For users => Token based authentication (lots of open source solutions out there).