How to secure an Ionic app


I’ve just started an Ionic app that will communicate with an external supplier trought an API, where I need to send an appKey and a signature.

I wrote the sensitive data (appKey and secret) in a PHP file and uploaded to my server, and from this file I make a request to the endpoint of my supplier.

The problem is that this file can be called from anyone that writes in a browser the appropiate url, and as a consequence get data from my supplier.

I think the solution could be add a restful backend added to my ionic app, but I have no idea how to implement that or how to make it work in Android/iOS devices.

Any advice?


You should secure your PHP backend with JWT


Ok thanks! I’ll give it a try and post my results/doubts when I’m done