I have developed a Mobile application that connect to my Web Servie via RESTful API.
Now, I need to protect my API by someone who could sniff it via WireShark. I just need to hide my URL and POSTed parameters in some way...How can i do it?
My risk is that if "someone" get my API's Url and change ?user_id parameter of each request could act as another users, and do bad things...
(I don't use Oauth 2.0)
The easiest way to accomplish this is to use HTTPS
The client connects to the server
Client and Server perform the SSL Handshake Clients sends encrypted something like
POST /resource/ HTTP1.1
Name=Jonathan+Doe&Age=23&Formula=a+%2B+b+%3D%3D+13%25%21