by avitzurel
3515 days ago
First, secure (SSL) and verify the certificate on the mobile app. Make sure no MITM can read your response/request.

For auth, my favorite auth is twofold:

For API access => Signature-based verification, signing each and every request using a known signature algorithm with the secret key (only known to you and the app developer).

For users => Token-based authentication (lots of open source solutions out there).
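An added example, not part of the comment above: one way to do the per-request signing it describes, with the server-side check. HMAC-SHA256, the canonical string layout, the 300-second freshness window, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo secret (assumption); a real one is provisioned per app.
SECRET = b"demo-shared-secret"
MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def canonical(method, path, timestamp, body):
    """Bind method, path, timestamp and a body digest into the string to sign."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body):
    """Client side: HMAC-SHA256 over the canonical request, hex encoded."""
    msg = canonical(method, path, timestamp, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret, method, path, timestamp, body, signature, now=None):
    """Server side: reject stale requests, then compare in constant time."""
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW:
        return False  # outside the freshness window: treat as a replay
    expected = sign(secret, method, path, timestamp, body)
    # Compare as bytes so a non-ASCII signature fails cleanly instead of raising.
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo():
    ts = 1_700_000_000  # constructed timestamp
    body = b'{"amount": 10}'  # constructed request body
    sig = sign(SECRET, "POST", "/v1/orders", ts, body)
    args = ("POST", "/v1/orders", ts)
    return {
        "valid": verify(SECRET, *args, body, sig, now=ts + 5),
        "tampered_body": verify(SECRET, *args, b'{"amount": 9999}', sig, now=ts + 5),
        "stale": verify(SECRET, *args, body, sig, now=ts + 3600),
        "wrong_key": verify(b"other-secret", *args, body, sig, now=ts + 5),
    }


if __name__ == "__main__":
    print(demo())
```
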