Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What are the best practices to create PHP/API to use with mobile application to get news feed?

To create an API used by mobile ( android / IOS ) to retrieve information to be displayed by phone. Architecture , security , best practices , frameworks

user-image
Question ajoutée par islam khalil , Technical Manager , iCloudit
Date de publication: 2013/04/28
Hamzeh Abu Zakham
par Hamzeh Abu Zakham , Director of Software Development , bayt.com

I have the following hints and ideas that might be usefull to you to build up a secured API for mobile usage: - You should use SSL (https) to protect the data exchange between the mobile app and your web server.
- To build an authrisation layer that is hard to be hacked, where your web application knows for sure that the call is coming from an authrized mobile device is possible, even without storing an encryption key on the mobile device, make the key dynamic and attach it to the user session.
How :
1- i assume your app requires login, or at least a session.
at the web server with every new session attach a randomly generated string that is long enough for step2.
make the session API call a POST only, and send the session info along with the random string
2- the mobile app/web server, after session initiation, should read that random string, and select certain portion of it as encryption key.
( could be a prefix, mid fix and postfix combination in order to make it hard for a hacker to guess the key ).
i.e ab34prefix763hhsbv9midfix76152gjuhg9postfix
3- use prefix+midfix+postfix to encrypt data from server, and use the same to decrypt the data in the app.
you can send this string with every request if you choice not to store it temporary in the mobile app.

4- make sure you always communicate your random string over SSL using POST.

Muhammad Majid Saleem
par Muhammad Majid Saleem , Senior PHP Developer / Project Manager , SwaamTech

This is very easy to do.
This is just feed reading and passing response to mobile application so there would not be any confidential data to be passed.
Right? So, follow the instructions: - Create a simple PHP page.
- Read News Feed from its urls.
- Parse its data into an ARRAY.
- Make Json_encode to parsed ARRAY and pass it to your appliction.
[Mostly applications used JSON nowadays.] - There is not hard and fast rule to use JSON.
You can use XML to pass data to your Mobile Application.
I guess - we don't need to use any framework for such simple tasks to improve efficiency.
Even then it is up to you if you want to use any framework.
Similar case with Security option.
If you just want to read News Feed then I don't think so that you need to apply any security because any one can directly read data from original Feed Url.
But it still depends on you if you want to apply securities there is no limitation.

islam khalil
par islam khalil , Technical Manager , iCloudit

Am Sorry , i know it public feed and no confidential data , but i want my mobile application only can consume this API .
so no one crawl this API and get all data easily from it.
i had many solution for this , but am looking for best practice.
My solution :
1- Create APP Key sent every time with application request to grant connection.
( but am worry about storing this in user device )
2- Create for each user token generated by the API stored in his device salted in hashed bu also am afraid from saving the public key encryption code on his device , as it also could ease the process of accessing the API.
so i need best practice for this , and want to ensure that if there is a way where i can hide those keys from being extracted from the mobile application package.

David Baiden
par David Baiden , Security , ACON

. To create an API used by mobile ( android / IOS ) to retrieve information to be ...

Nouraldeen Abuzayda
par Nouraldeen Abuzayda , Senior Software Eng , Green stone

to get news feed you have 2 ways:

1- public use:

in this case you will use the rss feed from the website

2- private use:

in this case you have to develop a custom API to read and pass the news to mobile app, this use it's more secure 

Hazem Maattoq
par Hazem Maattoq , Operation Manager , Linkup

You can use RSS technology, where you can select one channel or more, select the language, and date, then parsing the received data

maybe you can sent the last news ID your device had been received, and publish RSS after this ID

More Questions Like This