How to build APIs that can be consumed only by my Android app?
I'm building an SPA and I'm using JWT as the authorization mechanism. Everything works nicely, but what if I want to build a mobile app and I want to make it exclusive for that app? To be more precise, I want to build an Android app and I want to limit my API so it can only be used by my Android application.
In "classic" web pages I have CSRF tokens that are generated on the backend and they are appended to POST requests. How can I handle that in Android apps? What is the best practice?