Hello everybody,
is there a way to protect a REST API without authentication?
What I mean is that I would like to let only my app accessing the API on my server.
Is that possible without biulding an authentication system? I don’t want the users to create an account, but just use my app.
I was thinking to insert in the app a public key, but this doesn’t fix the problem, because it would be in readable text for someone that opens the app.
thanks in advanced for support!
yep thats a problem for mobile apis.
You can only do a little bit cosmetics like generate a “secret”-key put it in your app and send it as header data in every request to “authorize”.
it is the same with restricted data-streams/images, videos and so on.
I do not know how to make them not readable outside of the appcontext 
.
But i want to avoid building a monster for authentication --> like app starts --> apps sends a fingerprint and you are generating a token for the device and appversion (store them in a db) … and so on… Because the effect is simply the same as the simple way.
Do you think that building server side an IP controller could be usefull?
I mean set a cap for the IP request to avoid software to get data…
Did you had any success in above?