1. Download our Official Android App: Forums for Android!

Retrict REST-API so that only my app can use it

Discussion in 'Android Development' started by Tobbe237, Mar 24, 2019.

  1. Tobbe237

    Tobbe237 Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    1
    Joined:
    Mar 24, 2019

    Mar 24, 2019
    1
    0
    15
    Female
    I am using "PHP-CRUD-API" (https://github.com/mevdschee/php-crud-api) to do operations on a MySQL-database. It works very well, but the problem is that everyone else can also do the operations, because the REST-API only needs an URL to make queries.

    For example if anyone uses a software that sets the request type to DELETE and use this URL: "localhost/api.php/mytable/1" they would delete 1 row in "mytable" which is in my MySQL database.

    This may be a combination of Android/PHP/MySQL related topic, but I was wondering if anyone could tell me how I can make it so that my Android app is the only app/place that can successfully do queries to my database?

    (I have so far only been coding in Android Studio by using Java, and do not have a lot of knowledge about PHP and MySQL, which is why I chose to ask for help in this Android forum).

     

    Advertisement

  2. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #3
    Points:
    4,238
    Posts:
    39,343
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    39,343
    40,219
    4,238
    Male
    IT
    Pennsylvania
    I moved your post to the developer area. These guys will be able to answer your question better than the general membership.
     
    GameTheory and Deleted User like this.
  3. Deleted User

    Deleted User Guest
    Rank:
    None
    Posts:
    0
    Joined:

    Basically you need authentication credentials for your REST API.
    What is normally done here is to provide users with some kind of login service, which of course requires them to supply a login name and password. Once that check passes, then any subsequent REST calls will include an authentication token, which was passed back to your app after a successful login.
     
    lunatic59 and GameTheory like this.
  4. Deleted User

    Deleted User Guest
    Rank:
    None
    Posts:
    0
    Joined:

    lunatic59 and GameTheory like this.

Share This Page

Loading...