Issue
How to protect my backend from being accessed by other unauthorised front-end apps? I googled and couldn't find a solution that gives a complete solution. How do companies like Instagram and Facebook block unauthorised requests? I read SSL keys can be found by reverse-engineering the front-end. I am a noob and building a social network for a project. Please guide me.
Solution
I'll try to get you started in the right direction.
How to protect my backend from being accessed by other unauthorised front-end apps?
You can protect your server by issuing access tokens. The only way a user can get a valid token is by authenticating with a valid username and password.
Typically, tokens are set to expire after a period of time. If you are looking for a turnkey solution, JSON Web Tokens are a good place to start. More info here: https://jwt.io/
I googled and couldn't find a solution that gives a complete solution. How do companies like Instagram and Facebook block unauthorised requests?
Facebook uses access tokens. https://developers.facebook.com/docs/facebook-login/access-tokens/
I read SSL keys can be found by reverse-engineering the front-end.
Access tokens can't be reverse engineered because they are not 'hard-coded' into the front-end. The access tokens are retrieved from the back-end via authentication. Additionally, tokens typically expire after a period of time. If the token has expired, then the user must re-authenticate to receive a new (valid) token.
Answered By - bsheps Answer Checked By - Terry (PHPFixing Volunteer)
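The flow the answer describes (authenticate with username and password, receive an expiring token, present it on later requests), as an added example that is not part of the original answer: an HS256 JWT-style token issued and verified with the Python standard library only. The secret, the user table and the function names are constructed for illustration; a production service would use a maintained JWT library and store password hashes.

```python
import base64, hashlib, hmac, json, time

# Assumptions (constructed for this example): the signing key lives only on the
# server, and the user table holds plaintext only to keep the demo short.
SECRET = b"constructed-demo-secret-kept-on-the-server"
USERS = {"alice": "correct horse battery staple"}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, now=None, ttl=900):
    """Return a signed token for valid credentials, else None."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": username, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def verify(token, now=None):
    """Return the subject if the token is authentic and unexpired, else None."""
    try:
        header, claims, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, sign(f"{header}.{claims}")):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":  # refuse other algorithms
            return None
        payload = json.loads(b64d(claims))
        now = int(time.time()) if now is None else now
        # Expired tokens are rejected; the client must log in again.
        return payload["sub"] if payload.get("exp", 0) > now else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None  # malformed token

if __name__ == "__main__":
    token = login("alice", "correct horse battery staple")
    print("issued:", token)
    print("subject:", verify(token))
```

The token is created at login and never ships inside the front-end, so the only value the client ever holds is the signed, time-limited result; the signing key stays on the server.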