How to make a REST API accessible only from a trusted (my) application?

by Jignesh M. Khatri   Last Updated February 06, 2018 04:05 AM

How can we safeguard a REST API so that it is accessed only from trusted clients? Let me explain the scenario: let's say there is an API which will be accessed from a mobile application MA and a web application WA. Besides these two applications, this API should not (and must not) be accessed by any other client.

Key Points:

  • I cannot use token-based authentication here, as the user is not required to log in to the application to access (or just read) the information.
  • Embedding any secret information inside the application, to be sent along with the API request, is not secure, as that secret can be leaked (even though SSL is used) to a potential user through reverse engineering.

In this scenario, what is the best way to secure the REST API?
