What is the best practice to post data to a server, currently my database is a PostgreSql.
I would be posting to a REST Api and I want to be safe, to post I was going to use a token to verify that they are from the app but then if someone decompiles the app they will see the verification token and could then post to the API
String token = esR3bJM9bPLJoLgTesR3bJM9bPLJoLgT;
String apiUserLikes = current_server_address + "/api/user-likes/?token=$token";
final response = await http.post(
Uri.parse(apiUserLikes?token=$token),
headers: <String, String>{
'Content-Type': 'application/json; charset=UTF-8',
},
body: jsonEncode(<String, String>{
'userID': '1234567969855478',
'UserDisplayName': 'John Jones',
'liked': 'true',
'dateLiked': '2022/12/05 00:00:00',
'eventLiked': 'Music concert at The stadium',
}),
);
What is the best way to protect users details and still post to the server
Thanks
2
Answers
You could never verify that the user is from the app because he can send the same request with just the command line. Even with authentication, it is still impossible to confirm. The only way to make it safe is to validate the data sent and add restriction against abuse like how many times per minute an IP/user could send data or how much could it send/download.
Instead of using static token you can use OAuth2 compliant security mechanism where token expires and new refresh token is generated/issued,
You can use firebase Auth or something like to make your App Compliant with OAuth.
For firebase Auth you can check the following link:
https://firebase.google.com/docs/auth/