Ben Hoyt

Reputation: 11044

How to determine whether HTTP API request came from iPad

We're developing an HTTP API for an iPad app, and we're thinking of only allowing the API to be accessed via an HTTP request that came from an iPad.

I'm not thinking of something like the User-Agent, because that can easily be forged, but more like some kind of authentication scheme that ties in with the App Store? Maybe the App Store signs each app with some kind of private key, and then you could insert that signature as a query parameter or header in the request and check on the server side whether the signature is from a legit iPad.

Is something like this possible or even a good idea?

Upvotes: 0

Views: 412

Answers (1)

highlycaffeinated

Reputation: 19867

If you control both the iPad app and the server app, you should be able to use PKI to validate that a request came from a legitimate app. Embed the public key in the app itself, use it to encrypt a value you put in a header field, and then use the private key on the server to decrypt and validate the received header value.

Upvotes: 1
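The scheme described in the answer above, as an added Go example that is not part of the original answer: the app side encrypts a value with the embedded public key and the server decrypts and validates it. Assumptions not on the page: the value is a timestamp, the padding is RSA-OAEP, and the names `sealHeader`, `checkHeader`, `demoKey`, `maxSkew` and `oaepLabel` are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"time"
)

const maxSkew = 2 * time.Minute // assumed freshness window
const oaepLabel = "api-v1"      // assumed label tying the ciphertext to this API

// demoKey is a constructed throwaway key pair (generation error ignored in this
// demo); a real server loads its private key from protected storage.
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// sealHeader is the app side: encrypt the current time with the embedded public key.
func sealHeader(pub *rsa.PublicKey, now time.Time) (string, error) {
	msg := []byte(now.UTC().Format(time.RFC3339))
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, []byte(oaepLabel))
	return base64.StdEncoding.EncodeToString(ct), err
}

// checkHeader is the server side: decrypt with the private key, then validate the value.
func checkHeader(priv *rsa.PrivateKey, header string, now time.Time) error {
	ct, err := base64.StdEncoding.DecodeString(header)
	if err != nil {
		return fmt.Errorf("header is not base64: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(oaepLabel))
	if err != nil {
		return fmt.Errorf("header does not decrypt: %w", err)
	}
	ts, err := time.Parse(time.RFC3339, string(pt))
	if err != nil {
		return fmt.Errorf("decrypted value is not a timestamp: %w", err)
	}
	if d := now.Sub(ts); d > maxSkew || d < -maxSkew {
		return fmt.Errorf("timestamp is %v from server time, outside window", d)
	}
	return nil
}

func main() {
	h, err := sealHeader(&demoKey.PublicKey, time.Now())
	fmt.Println("seal error:", err)
	fmt.Println("fresh:", checkHeader(demoKey, h, time.Now()))
	fmt.Println("an hour later:", checkHeader(demoKey, h, time.Now().Add(time.Hour)))
}
```

The public key ships inside the app, so anyone who extracts it can produce a header this check accepts: it shows the sender holds that key, not that the device is an iPad. Within the freshness window a captured header is still accepted again unless the server also tracks values it has already seen.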
