Reputation: 1220
Android : How to make secure requests and get responses to/from a PHP website?
I'm working for a business whose users are seeking for houses to rent. These can be viewed through our website.
I am looking to create an Android application to help people find the houses on their smartphone. How can I make the mobile application get the data from the webserver (PHP/MySQL *) and make requests to it?
Isn't this the definition of a web service? Then what kind of webservice is supported by PHP and the Android platform version 8 (2.2 Froyo)?
There is one important requirement: it should be secure, by requiring authentication from the application, i.e. only the application would be able to access the data.
* Python 2.6.6 is supported. I truly love Python but I'd prefer not mixing server languages, as 100% of the website is written in PHP.
Upvotes: 0
Views: 2375
Answers (2)
Reputation: 5410
How can I make the mobile application get the data from the webserver (PHP/MySQL *) and make requests to it?
On Android you have an older version of the Apache HTTP Client available. So that side is covered for making HTTP requests from your app to your server:
HttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet("https://www.myserver.com/webservice/xyz");
HttpResponse response = client.execute(request);
With just 3 lines of code you have a GET request.
Then what kind of webservice is supported by PHP and the Android platform version 8 (2.2 Froyo)?
There is a variety of different web-service libraries available for PHP like SOAP and other XML based protocols. Personally I wouldn't go for that, because XML is bloated. You want to keep the transmitted data small between server and client, because you are dealing with mobile devices, limited bandwidth and costly data-plans. JSON is a more compact alternative to XML. You could also create your own "binary" data format for exchanging data between server and client.
On the Android side you just need to look for a suitable Java client library for the web-service of your choice. Or if you go for a custom solution you just code it yourself.
There is one important requirement: it should be secure,
Use HTTPS
by requiring authentication from the application, i.e. only the application would be able to access the data.
That cannot be reliably enforced, unless you are dealing with user logins, then yes. If you do require your users to log in, then take a look at OAuth.
Don't store plain text passwords, neither in your client app nor on your server.
If you just want to enforce that only your app can access that web service then you could add something like a "client secret" string to your app's HTTP request headers. Your server would require that secret string to be present, otherwise access will be denied.
This wouldn't stop people from looking at your app for figuring out that secret, though. You can make it a tad harder by obfuscating that secret string, like randomly jumbling around the letters and so on.
You could also regularly change the client secret with each major update. This would require that your users have to update, otherwise they will be locked out.
Upvotes: 2
Reputation:
You may want to consider implementing a function to query a PHP server for JSON data in your Android application (like json-simple), and in your server a way to retrieve a GET request (look at interperting $_GET and then sending back JSON too).
You can use XML, plaintext, or anything else too, but JSON is probably the smallest and the quickest to implement.
Upvotes: 0
Related Questions
- How to send and retrive data from php to java/android?
- How to make HTTP Requests in android application
- Android How Get Responce from Web Server from the following URL With Authentication UserName and Password
- Using php server to respond to http requests from Android
- Android App with PHP Server Communication
- secure http call in android
- Sending HTTP Request in Android
- Connect php with Android, security methods
- php webservices with android
- securing connection to php server