6

I'm working on developing a native Android application to retrieve data for a user from my company's website.

Because the data is specific to the user, I need to authenticate with our web server, but I'm unsure of the best way to go about this. I've been reading about REST/SOAP/HTML form auth, but I can't really find any definite 'this is how it's done' anywhere. I know mobile apps do this kind of thing all the time - just look at Facebook/Skype/any email app - you have to log in before you can do anything.

My question is - how should I architect the server-side code (PHP) to easily allow me to authenticate a user from my Android device?

I'm fairly new to the 'web service' arena - does this fall into that category? Are there any tutorials you guys would recommend looking at?

Thanks!

1
  • You may serve all pages via HTTPS (SSL/TLS), supply user credentials from Android to the API via HTTP Basic Auth, and use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] with github.com/delight-im/PHP-Auth in the API on every request. That should be both quite simple to implement and reasonably secure. Commented Oct 21, 2016 at 21:08

2 Answers

5

While I haven't developed for Android, I can suggest that you simply rely on some stateless authentication scheme, such as HTTP Basic or Digest. This means that the credentials will be passed with each and every request, and you avoid having to keep track of state, which means you can keep your API nice and RESTful.

I suspect if I were writing an Android app, in most cases, I'd probably first try to get communication working with something at-least-vaguely RESTful, using HTTP Basic auth, and JSON encoding (just because PHP makes (de)serializing JSON so easy).

Of course, depending on your problem domain, that might not be ideal, but it's a good architecture to try first, because it's pretty easy all-around. If it fails you, you can go back and start swapping parts out, until you find the right architecture.


1 Comment

Thanks a bunch! This is a great place for me to start. I hear JSON is pretty easy to parse on the Android side of things as well.
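A sketch of the per-request HTTP Basic check suggested in the answer and comment above, added here as an example (it is not code from the posters or from PHP-Auth). The user store, sample password, realm name and JSON response shape are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed user store (assumption); a real API would read hashes from its user table.
function find_password_hash(string $user): ?string
{
    static $users = null;
    $users ??= ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    return $users[$user] ?? null;
}

// Emit a JSON response with the given status and extra headers, then stop.
function send_json(int $status, array $body, array $headers = []): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    foreach ($headers as $line) {
        header($line);
    }
    echo json_encode($body);
    exit;
}

// Basic auth only base64-encodes the password, so refuse anything that is not TLS.
// Assumes PHP sees the TLS connection itself; behind a proxy this check needs adapting.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    send_json(403, ['error' => 'HTTPS required']);
}

// PHP fills these from the "Authorization: Basic" header on each request.
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

// Always run one verification, even for unknown users, so response time does not
// reveal which usernames exist. Production code would precompute the dummy hash.
$dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
$hash = find_password_hash($user);
$valid = password_verify($pass, $hash ?? $dummy) && $hash !== null;

if (!$valid) {
    // 401 plus WWW-Authenticate tells the client to resend with credentials.
    send_json(401, ['error' => 'Invalid credentials'], ['WWW-Authenticate: Basic realm="api"']);
}

// Authenticated: return data scoped to this user only.
send_json(200, ['user' => $user, 'items' => []]);
```

Because no session is created, every API endpoint has to run the same check before touching user data.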
1

Some mobile apps use OAuth to authenticate with a web server, as Twitter does. This may not be exactly what you're looking for, but nonetheless here's an example: You would log in to the web service and authenticate the mobile app (which would have requested access) to be able to utilize your data on the web service, like an access key (actually called a token) which the mobile app then utilizes to communicate with the web service on your behalf; the token could then be passed as part of the URL. You'll still likely want to consider SSL or some level of encryption.

This post may also be of help for you
