What is the best method to log in to android and webservice php Restful?

Asked

Viewed 1,203 times

5

I am building an application that needs login, I have already created the webservice in php using Slim.

I am currently using a POST, passing a json with email and password for the webservice to return the json of the corresponding user, but I believe that is not the best way.

If you can suggest me a better way using these technologies.

Thank you.

  • it is advisable at least to use an NCODE and send a string and not email and keyword as Plain text...

  • See retrofit below for the http://square.github.io/retrofitlibrary/

  • post the code so we can analyze and suggest changes.

  • Making a match of your string before sending will not solve anything, the code will be on the client’s side, just inspect. There is no problem as long as you use the POST and a secure connection (https) to send the login data. Facebook, Twitter, etc... that use the HTTP protocol to do authentication work like this.

  • Look I think you could do this check by get which is a faster and simpler type of request, since it’s just to validate email and password, use Get. Note: Remember to encrypt the email and password before sending to the server.

1 answer

2

Hello!

To do the check you can yes send the user credentials as you are doing(it has to be https), and as you will use on mobile, I believe it is more appropriate to work with JSON Web Tokens (JWT) for the return!

JWT

You return a token to the user, save this token and in any request that the user makes this token will be together. This way, you can validate the token on your server and continue with the action if it is valid or simply deny the token because it has already expired or invalid.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.