Question
I have web and mobile versions of registration API. I have CAPTCHA in web-version to verify human or bot. Im afraid that someone can get mobile api registration parameters, make script and begin to brute force user's emails etc. And i don't want to make CAPTCHA in mobile app.
What can i do to verify real device?
Solution
My suggestion is you need to encrypt the payload using any encryption algorithm like AES or RSA so that attacker cannot get parameters easily or did not get.
Also you can apply following in client-server communication for better security,
1> Cryptographic algorithm with password based key.
2> Use of SSL
https://stackoverflow.com/questions/21722231
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian