evilswan on Hacker News

Ask HN: How do I ensure that a real iOS client is using an API

Hello HN! Hoping I can tap the colossal power of the HN hive-mind.

Working on a project where an iOS client hits an API. How do I ensure that only my 'real' client is allowed to use it?

I could bake a secret token into the app, but surely it will just be sniffed (HTTPS only, but a MITM proxy?) or the app decompiled and the token extracted (Like the Sony PS3 master key).

Is there any reliable way to ensure that a hacked, dummy version of my app can't use the real API?

Thanks HN!

4evilswan14y ago6

Idea Dump 5 (opens in new tab)

(willgrant.org)

1evilswan14y ago0

Ask HN: What should I build an iOS API in?

The system will be a CRUD back end for an iOS app, later offering a web app, then otehr clients, etc. I'm outsourcing it, so the choice of language/appserver will be up to the lucky (!) programmer.

Will be RESTful with JSON data exchange. Linux on EC2.

Other than that - what would you say would be the best route for:

- Low system overhead - Fast performance - Low resource usage - Scalability to multiple appservers (eventually)

Ruby on Rails? Pyton / Django? PHP on a framework?

Or doesn't it matter?

6evilswan14y ago15

Ask HN: How do I ensure that a real iOS client is using an API

Hello HN! Hoping I can tap the colossal power of the HN hive-mind.

Working on a project where an iOS client hits an API. How do I ensure that only my 'real' client is allowed to use it?

I could bake a secret token into the app, but surely it will just be sniffed (HTTPS only, but a MITM proxy?) or the app decompiled and the token extracted (Like the Sony PS3 master key).

Is there any reliable way to ensure that a hacked, dummy version of my app can't use the real API?

Thanks HN!

4evilswan14y ago6

Idea Dump 5 (opens in new tab)

(willgrant.org)

1evilswan14y ago0

Ask HN: What should I build an iOS API in?

The system will be a CRUD back end for an iOS app, later offering a web app, then otehr clients, etc. I'm outsourcing it, so the choice of language/appserver will be up to the lucky (!) programmer.

Will be RESTful with JSON data exchange. Linux on EC2.

Other than that - what would you say would be the best route for:

- Low system overhead - Fast performance - Low resource usage - Scalability to multiple appservers (eventually)

Ruby on Rails? Pyton / Django? PHP on a framework?

Or doesn't it matter?

6evilswan14y ago15

evilswan

Recent submissions

Wapple triumph over Apple in UK trademark dispute (opens in new tab)

Every Super Mario Bros level condensed onto one screen each (opens in new tab)

Poddle: simple video podcasting is seeking crowdfunding (opens in new tab)

Rackspace migration was because of a security fix, extra ? char in the ticket... (opens in new tab)

Brendan Eich of Mozilla gave $1000 to support gay marriage ban (opens in new tab)

Ask HN: How do I ensure that a real iOS client is using an API

Idea Dump 5 (opens in new tab)

Order a 3D-printed snowman based on your Twitter data (opens in new tab)

Ask HN: What should I build an iOS API in?

Recent submissions

Wapple triumph over Apple in UK trademark dispute (opens in new tab)

Every Super Mario Bros level condensed onto one screen each (opens in new tab)

Poddle: simple video podcasting is seeking crowdfunding (opens in new tab)

Rackspace migration was because of a security fix, extra ? char in the ticket... (opens in new tab)

Brendan Eich of Mozilla gave $1000 to support gay marriage ban (opens in new tab)

Ask HN: How do I ensure that a real iOS client is using an API

Idea Dump 5 (opens in new tab)

Order a 3D-printed snowman based on your Twitter data (opens in new tab)

Ask HN: What should I build an iOS API in?