1. Are you ready for the Galaxy S20? Here is everything we know so far!

Retrict REST-API so that only my app can use it

Discussion in 'Android Development' started by Tobbe237, Mar 24, 2019.

  1. Tobbe237

    Tobbe237 Lurker
    Thread Starter

    I am using "PHP-CRUD-API" (https://github.com/mevdschee/php-crud-api) to do operations on a MySQL-database. It works very well, but the problem is that everyone else can also do the operations, because the REST-API only needs an URL to make queries.

    For example if anyone uses a software that sets the request type to DELETE and use this URL: "localhost/api.php/mytable/1" they would delete 1 row in "mytable" which is in my MySQL database.

    This may be a combination of Android/PHP/MySQL related topic, but I was wondering if anyone could tell me how I can make it so that my Android app is the only app/place that can successfully do queries to my database?

    (I have so far only been coding in Android Studio by using Java, and do not have a lot of knowledge about PHP and MySQL, which is why I chose to ask for help in this Android forum).



  2. Best Answer:
    Post #3 by Deleted User, Mar 24, 2019 (3 points)
  3. lunatic59

    lunatic59 Moderati ergo sum

    I moved your post to the developer area. These guys will be able to answer your question better than the general membership.
    GameTheory and Deleted User like this.
  4. Deleted User

    Deleted User Guest

    Basically you need authentication credentials for your REST API.
    What is normally done here is to provide users with some kind of login service, which of course requires them to supply a login name and password. Once that check passes, then any subsequent REST calls will include an authentication token, which was passed back to your app after a successful login.
    lunatic59 and GameTheory like this.
  5. Deleted User

    Deleted User Guest

    lunatic59 and GameTheory like this.

Share This Page