
I have searched Google many times for how to authenticate between a RESTful API and a mobile app. I found a lot of answers, but I do not feel any better about it, perhaps because I am new to APIs.

What I want:

  • The mobile app requests data from, or posts data to, the RESTful server
  • The RESTful server authenticates the mobile app by username and password login
  • I want to secure the RESTful server and prevent a hacker from stealing the password and requesting data.

After searching on Google, I was told:

  • use HTTPS with SSL
  • authenticate the username or password, then generate a new token and signature
  • use the token and signature to authenticate the mobile app.
  • Another way is to use OAuth 2.0. After reading the OAuth 2.0 documentation, I still think its structure is similar to the token and signature above.

I think that if it works like that, the mobile app can store or use the token and signature, or a hacker can debug the app or see the login process by proxying the requests. I feel it is still not secure, because we still use the token and signature when making requests.

I have just started learning about APIs. If I have misunderstood something, I am sorry. I code in PHP.
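
The token-and-signature flow listed in the question, sketched in PHP as an added example (not code from the original post): the password is checked once over HTTPS, and each later request carries a short-lived HMAC-signed token instead. The function names, the 15-minute lifetime, and the sample user and key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 900; // token lifetime in seconds (assumed value)

// Step 1: check the password once, against a stored hash, then issue a token.
function login(array $users, string $user, string $password, string $key, int $now): ?string {
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null;
    }
    return issueToken($user, $key, $now);
}

// Token = base64(JSON claims) . "." . HMAC-SHA256(payload, server key).
function issueToken(string $userId, string $key, int $now): string {
    $payload = base64_encode(json_encode([
        'sub' => $userId,
        'exp' => $now + TOKEN_TTL,
        'jti' => bin2hex(random_bytes(8)), // unique id per token
    ]));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Step 2: on every request, verify the signature first, then the expiry.
function verifyToken(string $token, string $key, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $sig)) {
        return null; // forged or altered token
    }
    $claims = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($claims) || !is_string($claims['sub'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    return $claims['exp'] > $now ? $claims['sub'] : null; // reject expired tokens
}

// Constructed demo data: one user and a random server key.
$key = random_bytes(32);
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
$now = time();
$token = login($users, 'alice', 'correct horse battery', $key, $now);
var_dump(verifyToken($token, $key, $now));              // fresh token
var_dump(verifyToken($token, $key, $now + TOKEN_TTL));  // same token after expiry
var_dump(verifyToken('x' . $token, $key, $now));        // altered payload
var_dump(login($users, 'alice', 'wrong', $key, $now));  // wrong password
```

The signing key stays on the server, so the app can store and replay a token but cannot mint or extend one; the expiry bounds how long a captured token remains useful, and HTTPS is what keeps it off the wire in the first place.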

1 Answer

I would recommend JBoss's Keycloak (http://www.keycloak.org/). From the first page:

Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

You'll even get advanced features such as User Federation, Identity Brokering and Social Login.

For more details go to about and documentation, and don't forget to try Keycloak. It's easy by design!
