So I am busy building an API in express for a mobile app. But it is time I start thinking of authentication.I could obviously go with HTTP basic auth, but that means storing the credentials in the app itself. So if the app is decompiled, the attacker can use the API maliciously.What I was thinking is that I just expose the API user register and login routes publicly then require a token from the user login to access further routes.Anyone have any other suggestions?
Submitted November 19, 2017 at 01:29PM by thezadmin
No comments:
Post a Comment