如何识别您的REST API Android应用 [英] How to uniquely identify your Android app for rest API
问题描述
有没有办法来唯一地标识我的Android应用程序在Java中code?也许包名和其他东西的某种组合?我知道有一种方法来确定一个独特的Android 设备,但这不是我所期待的。
Is there a way to uniquely identify my Android App in Java code? Maybe some combination of the package name and something else? I know there is a way to identify a unique Android device, but that is not what I am looking for.
我希望能够唯一地标识的我的Android的应用程序,我做了,这样我就可以传递信息给我自己的私人REST的API。这将让我验证呼叫从我的Android应用程序未来,而不是其他未经授权的。我想我的REST的API与应用程序我做了,因此没有人能够欺骗或访问唯一的工作是未经授权的。
I want to be able to uniquely identify my Android app that I made so that I can then pass that information to my own private RESTful API. This would allow me to verify that the call is coming from my Android App and not another unauthorized one. I want my RESTful API to only work with the app I made and so no one can spoof it or access it unauthorized.
或者,这是不可能的?我只是想知道像Snapchat应用程序如何拥有自己的登录,什么不是。显然,一些有固定它。
Or is this an impossibility? I'm just wondering how apps like Snapchat have their own login and what not. Clearly something there is securing it.
推荐答案
如果你想使用谷歌地图,从你的应用程序里面,你需要提供一个API密钥的每个请求。 谷歌地图Android开发者网站 据我知道的是,他们还用它来识别广告的应用程序相同的机制。 这个密钥以明文形式传输,因此它可以被拦截。他们这样做的欺诈检测,以prevent误用,所以如果你的RESTful服务是同一种如地图或广告,这是路要走Android应用程序。
If you want to use google maps from inside your app you need to supply an API key with every request. Google Maps Android Developer Site As far as I know that is the same mechanism that they also use to identify your app for advertisements. This key is transmitted in clear text so it can be intercepted. They do fraud detection to prevent misuse, so if your RESTful service is of the same kind as maps or ads this is the way to go for android apps.
如果你有高价值数据,如snapchat(从人的裸体)的用户必须提供又名密码保密,以确保连接。如果你想保持努力为用户低,你可以使用Facebook的或谷歌的身份验证机制。
If you have high value data like snapchat (nudes from people) the users have to provide a secret aka password to secure the connection. If you want to keep the effort for the user low you can use facebooks or googles authentication mechanisms.
另外一起来看看用品安全备忘表它会给你一个很好的概述的话题。 (特别授权部分。)
Also take a look at Rest Security Cheat sheet it will give you a nice overview of the topic. (Especially the Authorization section.)
这篇关于如何识别您的REST API Android应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
