
Security in Web service api - hoangvukenshin
Hi everybody, 
Currently, I'm building a website service which provides an API for the native app. And I'm considering some solutions for security like base auth and token.
Can you suggest some solutions for it?
Thank you so much.
======
avitzurel
First, secure (SSL) and verify the certificate on the mobile app. Make sure no
MITM can read your response/request.

For auth, my favorite auth is twofold:

For API access => Signature based verification, signing each and every request
using a known signature algorithm with the secret key (only known to you and
the app developer).

For users => Token based authentication (lots of open source solutions out
there).
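
An added example of the per-request signing described in the comment above (not code from any commenter). It assumes HMAC-SHA256 over the method, path, body hash, timestamp and nonce, none of which the thread specifies; all function names, the secret and the request values are constructed for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

def canonical(method, path, body, timestamp, nonce):
    """Byte string both sides sign; binds every field that must not change."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()

def sign(secret, method, path, body, timestamp, nonce):
    """Client side: HMAC-SHA256 over the canonical request, hex encoded."""
    msg = canonical(method, path, body, timestamp, nonce)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify(secret, method, path, body, timestamp, nonce, signature, now, seen_nonces):
    """Server side: returns (ok, reason). Rejects stale, replayed or altered requests."""
    if abs(now - timestamp) > MAX_SKEW:
        return False, "stale timestamp"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    expected = sign(secret, method, path, body, timestamp, nonce)
    # Constant-time comparison; bytes so arbitrary client input cannot raise.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # Record the nonce only after the signature checks out, so unauthenticated
    # callers cannot fill the nonce store.
    seen_nonces.add(nonce)
    return True, "ok"

def demo():
    secret = b"constructed-demo-secret"   # constructed value, shared out of band
    seen = set()                          # in production: a store with expiry
    ts, body = 1_700_000_000, b'{"amount": 10}'
    sig = sign(secret, "POST", "/v1/orders", body, ts, "n-0001")
    late = sign(secret, "POST", "/v1/orders", body, ts, "n-0003")
    return [
        verify(secret, "POST", "/v1/orders", body, ts, "n-0001", sig, ts + 5, seen),
        verify(secret, "POST", "/v1/orders", body, ts, "n-0001", sig, ts + 6, seen),
        verify(secret, "POST", "/v1/orders", b'{"amount": 9999}', ts, "n-0002", sig, ts + 7, seen),
        verify(secret, "POST", "/v1/orders", body, ts, "n-0003", late, ts + 1000, seen),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The signature identifies the client holding the key; the user is still identified separately by the token, as the comment's split suggests.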

------
brudgers
Curious what you have considered already.

