Best practice allowing only Android apps to access the Rails API

Question

Best practice allowing only Android apps to access the Rails API

I did not find any specific answer, and most of the solutions are older, so I would like to ask the community about the best methods to protect the Rails API from other requests and allow access to it only for Android applications. No user registration or login. An Android application only needs access to data.

I thought to insert a secret key in my Android application and pass this key in each request, but this does not seem too safe for me.

What could be recommended to protect the Rails API from other requests and allow access to it only for Android applications? Thank.

+4

android ruby-on-rails ruby-on-rails-4 rails-api

Cristiano Aug 08 '14 at 1:35

source share

2 answers

, 100% - . (.. ), . , . - - , . , , , , , ProGuard - . , , , . , , .

+1

nasch 24 . '14 16:39

Richard Peck · Accepted Answer · 2014-08-08T09:24:14+0000

I do not have much experience with the API, but I know that if you want to protect them properly, you can use some API secret keys to complete the task

-

API Keys

If you want to provide functionality only to a specific group of users, you are best off embedding API keys in your applications.

I don’t know how you will achieve this specifically (IE only for your Android systems), but what you want in an ideal world allows only certain accounts with support for API keys to access the Rails data application.

Your task will be to provide keys only for Android devices. (The part I'm not sure about yet).

Rails , API:

enter image description here

-

Android-

, Android, Android- - ?

, , ID Android ( Android), , API.

Android?

, - : , Android, , "API-" rab. .

Best practice allowing only Android apps to access the Rails API

More articles: