[Flask] Flask secret key for mobile app client

saikat_sarkar saikat_sarkar at hotmail.com
Mon May 30 07:41:35 EDT 2016


Stop this spam


Saikat
Sent from Samsung Mobile

-------- Original message --------
From: aiman parvaiz <aimanparvaiz at gmail.com>
Date:30/05/2016  1:16 PM  (GMT+05:30)
To: Unai Rodriguez <unai at sysbible.org>
Cc: flask at python.org
Subject: Re: [Flask] Flask secret key for mobile app client

The case under consideration is that right now anyone can jump on a tool
as simple as Postman (on the Chrome browser), construct the API call and get
data from the backend. I need a way to allow only mobile devices with the
installed app to see the returned data, and how can I ensure that an API call
from any client other than mobile devices doesn't get a response from my
server?

I would appreciate any help I can get here.

Thanks

On Mon, May 30, 2016 at 12:07 AM, Aiman Parvaiz <aimanparvaiz at gmail.com>
wrote:

> Thanks for the response, Unai. This app would be open to the general public
> indeed. Can you please throw more light on SSL + authentication?
> I would be using SSL for this but what do you mean by authentication from
> mobile phone?
>
>
> Sent from my iPhone
>
> On May 29, 2016, at 9:09 PM, Unai Rodriguez <unai at sysbible.org> wrote:
>
> If the people using the app can be anyone (i.e. it's open to the general
> public), you cannot. Typically SSL (i.e. HTTPS) plus authentication is used
> for this.
>
> If the people that are supposed to access have something in common (i.e.
> they come from a specific office, etc.) then you might be able to add rules
> on a firewall. But that can be a problem (rules not correct or people
> accessing through a VPN, etc.). I guess the only way is if the app is served
> only to the people that are supposed to access it through some sort of a
> corporate/private network.
>
>
>
> -- unai
>
>
> On Mon, May 30, 2016, at 09:56 AM, aiman parvaiz wrote:
>
> Hi all
> I am new to Flask and am writing a REST API backend for a mobile app. My
> question is how can I ensure that calls to my endpoints are only being made
> by my mobile app and not by someone who has guessed the endpoint.
> What would be the best way to avoid this kind of behavior?
> Thanks
> *_______________________________________________*
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
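
The "SSL plus authentication" advice in the thread, sketched as an added example that is not part of the original messages: the server issues each logged-in user an expiring, HMAC-signed token over HTTPS and rejects any request without a valid one, whatever client sent it. The names `SERVER_KEY`, `issue_token`, `verify_token` and `authorize` are hypothetical; only the standard library is used, and in a Flask app the `authorize` check would run in a `before_request` hook.

```python
import base64
import hashlib
import hmac
import time

# Assumption: constructed demo key. It lives only on the server; a key shipped
# inside the mobile app can be extracted and proves nothing about the caller.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _now(now):
    return time.time() if now is None else now

def issue_token(user_id, ttl=3600, now=None):
    """Issue a token after the user has logged in over HTTPS."""
    payload = f"{user_id}:{int(_now(now) + ttl)}".encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token, now=None):
    """Return the user id for a valid, unexpired token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        user_id, expires = payload.decode().rsplit(":", 1)
        expires = int(expires)
    except ValueError:  # malformed token, bad base64 or bad UTF-8
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if _now(now) >= expires:
        return None
    return user_id

def authorize(headers, now=None):
    """Return (HTTP status, user id) for a request's headers."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return 401, None
    user = verify_token(token, now)
    return (200, user) if user else (401, None)
```

This authenticates the user rather than the app: a request built in Postman with no token gets a 401, while one carrying a user's own token is served only as that user.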