I have an android app that fetches and inserts data to db using rest api hosted on a shared hosting platform. My problem is whenever if someone types the end point of my url in browser they can see all the folders and files. How to restrict access to my android app only. By the way I am not using authentication in my app. How do I restrict my end points to be accessed only from the app
3
- Sound like you misconfiged your host, please look at this: stackoverflow.com/questions/2530372/…catcon– catcon2020-07-29 22:35:08 +00:00Commented Jul 29, 2020 at 22:35
- 1Does this answer your question? Restrict API requests to only my own mobile appcatcon– catcon2020-07-29 22:39:24 +00:00Commented Jul 29, 2020 at 22:39
- The only way to do it is to add authentication. Typically you would get a bearer token when signing in, and then you attach that token in the headers with every API call. If the rest API gets a request without a token, it can return a 403 error.Daniel Nugent– Daniel Nugent2020-07-29 22:58:40 +00:00Commented Jul 29, 2020 at 22:58
Add a comment |