限制的API调用。只允许我的手机应用程序 [英] Restrict API calls. Allow only my mobile app

问题描述

我希望我的 Web服务器接受请求发起只是从我的移动应用程序

I want my web server to accept requests that originate only from my mobile app.

由于移动应用程序是客户端应用程序，意味着用户可以拥有二进制和反编译或使用像小提琴手的工具，除preT API调用和重建他们（例如：在一个控制台应用程序）。

Since mobile apps are client apps that means that users can have the binary and decompile it or use a tool like Fiddler to interpret the API calls and reconstruct them (ex: in a console app).

所以，我要的是一个方法的生成绑定到我的应用程序和用户的设备中的关键

So what I want is a way of generating a key that is bound to my app and the user's device.

该应用程序部署在Windows Phone7的，iPhone和Android。一个跨平台的解决方案是理想，但一些作品只在一个平台上也超过了可以接受的。

The app is deployed in Windows Phone7, iPhone and Android. A cross platform solution would be ideal but something that works only in one platform is also more than acceptable.

谢谢！

推荐答案

考虑到要部署应用程序客户端，这里实际的答案是不可能的。你可以把它很难有人伪造一个正式身份证，而是因为你没有对已发出请求的系统控制，也可能是您的应用程序或其他任何pretending是您的应用程序。

Considering that you are deploying an application to a client, the actual answer here is 'not possible'. You can make it difficult for someone to fake an 'official id', but because you do not have control over the system that is making the requests, it could be your application or anything else pretending to be your application.

这篇关于限制的API调用。只允许我的手机应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！