Securing Symfony 3 APIs for use by only a mobile app

0 votes
Latest question by user: (120 points)

Ok. So I have a Symfony 3.2.8 project. It's a fairly simple one, fetching data from a database and displaying them through the web browser.

Now, I created separate routes that get the exact same data from the database, but instead of showing them using HTML, it returns the raw JSON data that I will use for a mobile app that I am also working on.

The problem is that I don't want the API links to be accessed from anywhere else other than my mobile app.

Also, I don't have any form of user authentication for my web app (no login/registration).

I've tried generating hash keys and embedding them onto the requests made by my mobile app. After the request is sent, my web app will check if the key matches the one I've embedded into it. If they match, the web app will give the data. Otherwise, send them a 403.

But I know very well that this is vulnerable to being sniffed out. Are there no new ways to get around this?

Web Project is created with Symfony3. Mobile app is made with Ionic 3.
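
The embedded-key check described in the question, next to a per-request signed variant, as an added example that is not code from the original post or from Symfony. It goes beyond the question by adding the HMAC variant; the header names, keys, the `/api/items` path, the 300-second window and PHP 7+ are assumptions.

```php
<?php
// Added example (assumes PHP 7+). Keys, header names and the 300 s window are constructed.
const STATIC_KEY = 'constructed-demo-key';        // fixed key embedded in the app
const SIGNING_SECRET = 'constructed-demo-secret'; // also ships inside the app binary
const MAX_SKEW = 300;                             // accepted clock difference, seconds

// Scheme from the question: the same key on every request, 403 on mismatch.
function checkStaticKey(array $headers): int
{
    $sent = (string)($headers['X-App-Key'] ?? '');
    return hash_equals(STATIC_KEY, $sent) ? 200 : 403; // constant-time compare
}

// Variant: the app sends an HMAC over method, path, timestamp and nonce.
function signRequest(string $method, string $path, int $ts, string $nonce): string
{
    return hash_hmac('sha256', "$method\n$path\n$ts\n$nonce", SIGNING_SECRET);
}

function checkSigned(string $method, string $path, array $headers, int $now, array &$seen): int
{
    $ts    = (int)($headers['X-App-Timestamp'] ?? 0);
    $nonce = (string)($headers['X-App-Nonce'] ?? '');
    $sig   = (string)($headers['X-App-Signature'] ?? '');
    if ($nonce === '' || abs($now - $ts) > MAX_SKEW) {
        return 403; // missing nonce or stale timestamp
    }
    if (!hash_equals(signRequest($method, $path, $ts, $nonce), $sig)) {
        return 403; // signature does not match this request
    }
    if (isset($seen[$nonce])) {
        return 403; // nonce already used: a resent copy
    }
    $seen[$nonce] = $ts; // a real service would use a shared store with expiry
    return 200;
}

// Constructed demo: each request is checked twice, as if a captured copy were resent.
$now = 1700000000;
$static = ['X-App-Key' => STATIC_KEY];
printf("static key: first=%d resent=%d\n", checkStaticKey($static), checkStaticKey($static));

$seen = [];
$nonce = 'constructed-nonce-0001';
$signed = [
    'X-App-Timestamp' => (string)$now,
    'X-App-Nonce'     => $nonce,
    'X-App-Signature' => signRequest('GET', '/api/items', $now, $nonce),
];
$first  = checkSigned('GET', '/api/items', $signed, $now, $seen);
$resent = checkSigned('GET', '/api/items', $signed, $now + 5, $seen);
printf("signed:     first=%d resent=%d\n", $first, $resent);
```

The signing secret is still shipped inside the app, so anyone who unpacks the app can produce valid signatures; the variant only stops a captured request from being accepted again. Serving the routes over TLS is what keeps either value from being read off the network.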
