javascript - Restrict ajax API use to iOS / Android application -
given scenario have valuable data being served api (mysite.com/api/ooooooodata), how can access restricted ios / android app intended for? paramount data associated proper advertising via apps. if api can used apart that, data being given out free no reward advertising, or other developers using , stealing profits.
if web-only app, no issue restrict usage own site. because possible , important when dealing web, inclined think there in place deal issue other technologies. project using web technology cordova. there's no user system, authentication isn't option.
the measure know implement arbitrarily include key in code , send ajax requests, have server require key. since code in private repo, users jailbroken phones should able see code. that's weak solution , of risk.
is there standard , secure approach this?
you can use php code following:
<?php $agent = $_server['http_user_agent']; if(strpos($agent,'iphone') !== false){ // client iphone }else{ // client not iphone } ?>
and no, there not secure way this. (as far know)
Comments
Post a Comment