I know this is very similar to an older ionic-1 post, but I thought maybe it needs a refresher. So I have an app which a few commentators/reviewers felt would benefit from just having it as a paid app and not requiring any type of user registration/login.
My issue with this is the RESTful API calls to the backend server. How can we make sure it’s just our app calling the API method? I honestly don’t see how it could be done other than embedding a Secret Key or something inside of the app…but that could easily be sniffed out.
Ideally, it would be great if there was a self-generating token inside of the app itself which could then be somehow authenticated by the API backend much like we do when using Firebase tokens.
I’m open to any suggestions, but I really don’t see how this really could be done securely and allow us ways to “change” the SecretKey to make sure they are an authorized user of the app. Personally I think registration for any platform these days is pretty much expected and I think the posters are a bit unrealistic, but again…open to any thoughts on this subject.