Registration and token issuance



  • Hello, I have a server written in PHP. I access it from my Android app and get data in JSON format. This JSON can get into anyone's hands, for example, if they find out the address being requested.

    I've been advised to do authorization in the app by token.

    I can't find information on this subject. Where do we start?

    Please point me to a few articles, thank you.



  • It's not complicated.

    (1) Each application has a guid.

    (2) You authorize in your application (e-mail + password, for example) and record this authorization in the database for this application (guid), generating an arbitrary token (any key, most often a string), e.g. md5 of email+time().

    (3) When accessing the closed parts of your API, you transmit guid+token, and your application checks whether the token for this guid exists (and is not closed, so you can give it a lifetime, or close it when the user logs out of the application), then gives the answer, and if it's closed, sends the user to authorization.

    It's a very common mechanism; this is just to explain the pattern of work. In practice, someone makes it more complex, someone changes something, someone leaves it as is. For example, instead of writing your own authorization, it is possible to use OAuth. Although writing your own does not present particular difficulties ;)
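
The guid + token flow from the answer above, as an added example that is not part of the original post: it draws the token from `random_bytes()` rather than md5 of email+time(), stores only the token's SHA-256 hash, and gives it an expiry. The table names, function names and the sample user are assumptions, and the in-memory SQLite database stands in for the server's real one.

```php
<?php
// Constructed demo store: in-memory SQLite stands in for the server's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE sessions (guid TEXT PRIMARY KEY, email TEXT NOT NULL,
           token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Step 2: check e-mail + password, then record a token for this app instance (guid).
function login(PDO $db, string $guid, string $email, string $password, int $ttl = 3600): ?string
{
    $st = $db->prepare('SELECT pass_hash FROM users WHERE email = ?');
    $st->execute([$email]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not derived from email or time
    $db->prepare('REPLACE INTO sessions VALUES (?, ?, ?, ?)')
       ->execute([$guid, $email, hash('sha256', $token), time() + $ttl]);
    return $token;                        // returned to the app once; only the hash is stored
}

// Step 3: every call to a closed part of the API presents guid + token.
function authenticate(PDO $db, string $guid, string $token): ?string
{
    $st = $db->prepare('SELECT email, token_hash, expires_at FROM sessions WHERE guid = ?');
    $st->execute([$guid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires_at'] < time()) {
        return null;                      // unknown or expired: the client must log in again
    }
    return hash_equals($row['token_hash'], hash('sha256', $token)) ? $row['email'] : null;
}

// Logout closes the token for this guid.
function logout(PDO $db, string $guid): void
{
    $db->prepare('DELETE FROM sessions WHERE guid = ?')->execute([$guid]);
}

$guid  = bin2hex(random_bytes(16));       // constructed app-instance id
$token = login($db, $guid, 'alice@example.test', 'correct horse');
var_dump(authenticate($db, $guid, $token));     // valid guid + token
var_dump(authenticate($db, $guid, 'forged'));   // wrong token for a known guid
logout($db, $guid);
var_dump(authenticate($db, $guid, $token));     // same token after logout
```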



