質問
I have a public REST API that I want to protect. I've read about HTTP basic authentication, OAuth, APIs Key ... but as far as I know, this methods require registration (username and password). I want that the users (Android apps) of my service can use it without registration and login.
So, ideally, I want that only Android apps can use the service and I would like to control the usage of the service. I've thought about get something unique about Android devices but I think it is easily falsificable.
The reason for no registration is that the service is very simple (check out the bus arrivals, and participate sending some time arrivals) and I think is overkill that users have to provide a username/password for such a simple service.
How I can achieve this?
解決
I want that only Android apps can use the service... How I can achieve this?
You can't.
You can try to casually reduce the number of things other than Android apps that can use your service (e.g., have your app use a custom user agent header in the HTTP requests, and use SSL). However, people who are determined to get past that will be able to do so, by reverse-engineering your app, or sniffing on the HTTP traffic.
https://stackoverflow.com/questions/19707368
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian