<p>I&#39;m building SPA and I&#39;m using JWT as authorization mechanism. Everything works nice but what if I want to build mobile app and I want to make it exclusive for that app? To be more precise, I want to build Android app and I want to limit my API so it can only be used by my Android application. </p>
<p>In &quot;classic&quot; web pages I have CSRF tokens that are generated on backend and they are appended to POST request. How can I handle that on Android apps, what is the best practice?</p>


I'm building SPA and I'm using JWT as authorization mechanism. Everything works nice but what if I want to build mobile app and I want to make it exclusive for that app? To be more precise, I want to build Android app and I want to limit my API so it can only be used by my Android application. 

In "classic" web pages I have CSRF tokens that are generated on backend and they are appended to POST request. How can I handle that on Android apps, what is the best practice?

How to build APIs that can be consumed only by my Android app?

Product

Explore

Company

Blogs

Partner with us

Support

Comparisons

Comparisons