Hi, I am finishing my app based on Ionic 2, and one final thing I need to solve is that I need to protect it from unauthorized usage. Are there any solutions for licensing or some best practices?
Define “protect it from unauthorized usage” please.
My app is some kind of attendance terminal on mobile. It sends data to a server, and this data is then displayed in a desktop app. I need to test somehow whether the user of the app has bought a licence for it. I know I can't protect the app from being copied, but I need to at least not accept data / disable sending data from the app without a licence.
Simplest solution: Your backend has a list of “licence codes”. When the app first starts user has to enter this licence code. App saves it and sends it with each request. Backend can check and accept requests only if licence is valid. Problem: Everybody can just use a licence code he found via Google or something.
Still simple solution: Instead of only entering a licence code you make a normal login with username and password, everything else stays the same: Check if account exists. This binds usage to an email address and makes abuse less probable as it adds a “personal touch”.
You can then bind licence code or accounts to devices, IP addresses, countries, etc - whatever you like.
Something like this?
Instead of reinventing a very complicated and dangerous wheel, I would highly recommend using JWT.
JWT? Can you be a little more specific about how to use it?
After all, I decided that I will create a small PHP application to help me with licensing, probably based on CodeIgniter. I can log in to this app and create some amount of licence keys. When someone buys my mobile app, I will provide a license key with it. When the application first starts, the user has to insert the license key; this will send a request to the server with the license key and UUID. The PHP app checks if the license key exists and if it has no UUID bound to it. Then it binds the UUID to this license key.
Then every time the user is sending data, it checks if the license key and UUID are correct.
This seems to me like a good solution; the only problem is when the user changes his device. Then he would have to contact me and I will manually transfer the license key to his new UUID. Any ideas how this can be solved?
And in this whole process, how can I integrate JWT, like rapropos proposed? (Sorry for the stupid questions, I haven't worked with JWT so far.)
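
As an added example (not code from any poster in this thread), here is one way the flow described above could combine the licence-key-to-UUID binding with a JWT: activation binds the key and returns an HS256-signed token, and every upload is accepted only if that token verifies. It is written for Node.js rather than PHP, and the secret, sample key, claim names and function names are all constructed for illustration.

```javascript
// Added example: licence activation plus HS256 JWT check (Node.js built-in crypto only).
const crypto = require("crypto");

const SECRET = "constructed-demo-secret";        // assumption: lives only on the server
const licenses = new Map([["KEY-1234", null]]);  // constructed sample: key -> bound uuid

const b64url = (value) => Buffer.from(value).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

function signToken(claims) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// First start: bind the key to the device uuid, then hand back a signed token.
function activate(key, uuid, now = Date.now()) {
  if (!licenses.has(key)) return { ok: false, error: "unknown license" };
  const bound = licenses.get(key);
  if (bound !== null && bound !== uuid) return { ok: false, error: "bound to another device" };
  licenses.set(key, uuid);
  const exp = Math.floor(now / 1000) + 3600;     // token valid for one hour
  return { ok: true, token: signToken({ lic: key, dev: uuid, exp }) };
}

// Every data upload: check signature, expiry, and that the binding still holds.
function verify(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  // The algorithm is fixed server-side; it is never read from the token header.
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!(claims.exp > now / 1000)) return null;                // expired or missing expiry
  if (licenses.get(claims.lic) !== claims.dev) return null;   // licence moved or revoked
  return claims;
}
```

Because `verify` re-checks the stored binding, re-binding a key to a new UUID on the server makes tokens issued to the old device stop verifying.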