How to use SSL and HTTPS in a Vue capacitor mobile app

Hi! I coded an android app using ionic vue and capacitor. Very nice framework!
However, I’m novice in https and networking and I wonder how to secure my api calls.
I use a wordpress backend as a remote server and I want to call it from the mobile app.
For now I used capacitor-http plugin and everything works nice locally in http.
But Integration time has come and I need to implement https to secure the connection to the backend.

I have been surfing the internet and documentation but I can’t find any resource to help me understand how to do this. I heard about SSL pinning but it looks like it is only for angular.

Any help to setup https in my ionic capacitor vue app would be appreciated, even if it’s just keywords and links toward useful resources.

The best would be an overview of what I should do and I’ll workout the details myself.

Thanks in advance :slight_smile:

My infos:

Ionic CLI : 6.20.8 (…\npm\node_modules@ionic\cli)
Ionic Framework : @ionic/vue 6.3.8


Capacitor CLI : 4.5.0
@capacitor/android : 4.5.0
@capacitor/core : 4.5.0
@capacitor/ios : not installed


cordova-res : not installed globally
native-run : 1.7.1


NodeJS : v18.13.0 (C:\Program Files\nodejs\node.exe)
npm : 8.19.3
OS : Windows 10

As long as you are making your API calls with HTTPS, your data is being transmitted from your backend to your app in a secure/encrypted manner.

SSL Pinning is an extra layer of security. You can read more here - Capacitor SSL Pinning: The Extra Layer of Security Your Mobile App Needs - Ionic Blog

But how should I make the calls using https? Using capacitor http plugin using “https://” isn’t enough right?
I have to setup ssl certificates etc, no?

Right, your backend WordPress server would need to have an SSL certificate. Every web server these days should have HTTPS/SSL.

The go to free option is They need to be renewed every 90 days. If your hosting provider doesn’t support auto-renewing or you don’t want to set it up, then an inexpensive option that I’ve used is Their PostiveSSL cert would suffice. Or if you are hosting on AWS, they also offer free certs through AWS Certificate Manager.

Alright so if it’s just that, great!
I’ll mark you answer as solution I guess.

1 Like