iosresthttpsios5

How to make https request and encrypt POST parameters?


I have developed a Mobile application that connect to my Web Servie via RESTful API.

Now, I need to protect my API by someone who could sniff it via WireShark. I just need to hide my URL and POSTed parameters in some way...How can i do it?

My risk is that if "someone" get my API's Url and change ?user_id parameter of each request could act as another users, and do bad things...

(I don't use Oauth 2.0)


Solution

  • The easiest way to accomplish this is to use HTTPS

    The client connects to the server

    Client and Server perform the SSL Handshake Clients sends encrypted something like

    POST /resource/ HTTP1.1 
    
    Name=Jonathan+Doe&Age=23&Formula=a+%2B+b+%3D%3D+13%25%21