How to allow api access to android or ios app only(laravel)?

- 1 answer

Ad

I am implementing an api in laravel.

what I want is my api should not be accessible from anywhere except from android/ios app.I googled and came to know that I can make use of API KEY.

But I am not sure is it correct way or not.

Currently using OAuth2 for user authentication.

Please help.

Ad

Answer

Ad

What you want to do is to create a token for each user, save it in the client's device , verify it in each request that the client makes.

So basically you want to:

  • Make a column for the token in the users table
  • generate the token when the user registers
  • make a login route so that the user would login with his email,password and he will getback the token to store in the device
  • make a middleware that would check for the token in each request ( except for the login )

I wrote an article of the exact same thing you want

https://medium.com/@alhasaniq/how-to-add-token-based-authentication-to-laravel-app-s-to-use-in-api-s-1a0e45f9106#.15e3f9quu

Ad
source: stackoverflow.com
Ad