-2

I have an android app. It has a backend server.

What is the best way to verify that the request is made through my app ?

currently I use google auth token to verify user. Is there any other better way ?? Backend is in PHP and hosted on VPS (not using any BaaS service).

Sourabh
  • 105
  • 1
  • 8

1 Answers1

1

You can do by following,

  1. Use the additional Request Header, However, Header can be modified easily but it is being used for the prevention
  2. Use the random token in each ongoing requests or if you want to identify the user also, you may use UUID.

However, malicious user can also spoof the identity using request modification and there is no way to prevent it but you can add some level of identification.

Savan Gadhiya
  • 305
  • 1
  • 6