Protect Rest Api without authentication


#1

Hello everybody,

is there a way to protect a REST API without authentication?
What I mean is that I would like to let only my app accessing the API on my server.
Is that possible without biulding an authentication system? I don’t want the users to create an account, but just use my app.

I was thinking to insert in the app a public key, but this doesn’t fix the problem, because it would be in readable text for someone that opens the app.

thanks in advanced for support!


#2

yep thats a problem for mobile apis.

You can only do a little bit cosmetics like generate a “secret”-key put it in your app and send it as header data in every request to “authorize”.

it is the same with restricted data-streams/images, videos and so on.
I do not know how to make them not readable outside of the appcontext :confounded: .

But i want to avoid building a monster for authentication --> like app starts --> apps sends a fingerprint and you are generating a token for the device and appversion (store them in a db) … and so on… Because the effect is simply the same as the simple way.


#3

Do you think that building server side an IP controller could be usefull?
I mean set a cap for the IP request to avoid software to get data…


#4

Did you had any success in above?