Creating Secure API For Mobile
Here are the few steps we took to make the APIs more secure in one of our projects.
First, the mobile app creates a signed_key from all the parameters it is sending, by concatenating the parameters in alphabetical order.
This signed_key is computed over that string with a secret key shared by the app and the website (for example "Abc123$"), and it is sent along with the parameters.
When the website receives a request from the mobile app, it generates its own signed_key from the same parameters and the same secret key.
We used the HMAC-SHA1 algorithm for this keyed signing; for stronger protection a longer key can be used as well.
Only when the signed_key created by the mobile app matches the signed_key created by the website do we return the response; otherwise we return an empty JSON response with a 406 status code.
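The scheme above, written out as an added example (not the project's own code): the client side builds the alphabetical parameter string and computes HMAC-SHA1 over it, and the server side recomputes and compares before answering. The `key=value&...` join format, the function names and the sample request are assumptions for illustration; the secret "Abc123$" is the example value from the post. The server uses a constant-time comparison so the check itself does not leak information about the expected signed_key.

```python
import hashlib
import hmac
import json
from urllib.parse import urlencode

# Shared secret between the mobile app and the website.
# "Abc123$" is the example value from the post; a real deployment would use a
# long random key loaded from configuration or a secrets manager.
SECRET_KEY = b"Abc123$"


def canonical_string(params: dict) -> str:
    """Join the parameters in alphabetical order of their names.

    The exact format (key=value&key2=value2) is an assumption; what matters is
    that the mobile app and the website build the string identically.
    """
    return urlencode(sorted(params.items()))


def make_signed_key(params: dict, secret: bytes = SECRET_KEY) -> str:
    """Client side: HMAC-SHA1 over the canonical string, hex-encoded."""
    message = canonical_string(params).encode("utf-8")
    return hmac.new(secret, message, hashlib.sha1).hexdigest()


def handle_request(request_params: dict, secret: bytes = SECRET_KEY):
    """Server side: recompute signed_key and compare.

    Returns (status_code, json_body). A missing or mismatching signed_key
    yields an empty JSON object with status 406, as described in the post.
    """
    params = dict(request_params)
    received = params.pop("signed_key", None)
    if received is None:
        return 406, "{}"
    expected = make_signed_key(params, secret)
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of the signed_key were correct.
    if not hmac.compare_digest(expected, received):
        return 406, "{}"
    return 200, json.dumps({"ok": True, "user_id": params.get("user_id")})


if __name__ == "__main__":
    # Constructed sample request from the mobile side.
    params = {"user_id": "42", "action": "profile"}
    request = dict(params, signed_key=make_signed_key(params))
    print(handle_request(request))                          # accepted
    print(handle_request(dict(request, user_id="43")))      # tampered -> 406
    print(handle_request(params))                           # unsigned -> 406
```

Because the signature covers every parameter, changing any value after signing (or dropping the signed_key entirely) is rejected with 406, and sorting by name means the client can send the parameters in any order.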