security - How to procect API from man in the middle attacks -
i build cross platform application (wp8, ios, android) , apps utilize server create api requests.
my server phone call different type of apis (google, facebook, etc) , homecoming results. , application owner not has logged in create calls.
if there man in middle, can track api calls , utilize own usage drain quota against api services using.
i want phone has application able create calls. best way observe api calls server should come application?
you can utilize ssl prevent man in middle attacks there isn't way can 100% communicating application.. can create harder requiring sort of access token or using custom encryption if can decompile app can whatever want.
api security
No comments:
Post a Comment