Posted December 10, 2022
Web API responses can be easily spoofed. For license management, what do you think is the best approach to encrypt the Web API response so that it's impossible to create a fake response? Is there any built-in functionality for this in IPB or should I use an intermediate script that fetches the data from IPB and then encrypts it?
December 10, 2022
In terms of submitting a request to the API, you need to pass an API key. This should authenticate the request (meaning you now know “who” submitted the request). Check out the authentication section of: https://invisioncommunity.com/developers/rest-api If you choose to use SSL/TLS, you have encryption of the request to prevent “man in the middle” attacks where someone could read/intercept the data being exchanged in transit.
Edited December 10, 2022 by Randy Calvert
December 11, 2022 (Author)
Yeah, I am trying to also enforce license validation, so the user cannot set up fake responses to trick the software into thinking their subscription plan is active when it's not. I used an intermediate script on our server with a list of pre-determined encryption keys both the server and application have, as well as a question/answer scheme, which makes the whole thing pretty secure.
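
A sketch of the kind of question/answer scheme with pre-shared keys described in the post above, as an added example that is not the poster's script or part of Invision Community: the client sends a random nonce and the intermediate server returns the license state with an HMAC bound to that nonce, so a recorded or hand-made response fails verification. The key table, field names and function names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

# Constructed demo keys (key id -> secret); a real deployment provisions its own.
KEYS = {"k1": b"constructed-demo-key-1", "k2": b"constructed-demo-key-2"}

def new_challenge():
    """Client side: pick a key id and a fresh random nonce (the 'question')."""
    return {"key_id": secrets.choice(sorted(KEYS)), "nonce": secrets.token_hex(16)}

def _mac(key_id, body):
    return hmac.new(KEYS[key_id], body, hashlib.sha256).hexdigest()

def server_answer(challenge, active, now=None):
    """Server side: bind the license state to the client's nonce and sign it."""
    payload = {"active": active,
               "issued_at": int(now if now is not None else time.time()),
               "key_id": challenge["key_id"], "nonce": challenge["nonce"]}
    # Canonical JSON so both sides compute the MAC over identical bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "mac": _mac(challenge["key_id"], body)}

def client_verify(challenge, response, max_age=300, now=None):
    """Client side: return the payload only if MAC, nonce and age all check out."""
    body = str(response.get("body", "")).encode()
    expected = _mac(challenge["key_id"], body).encode()
    if not hmac.compare_digest(expected, str(response.get("mac", "")).encode()):
        return None  # forged or modified body
    payload = json.loads(body)
    if (payload.get("nonce") != challenge["nonce"]
            or payload.get("key_id") != challenge["key_id"]):
        return None  # answer to a different question (replay)
    now = int(now if now is not None else time.time())
    if not 0 <= now - payload.get("issued_at", 0) <= max_age:
        return None  # stale answer
    return payload
```

Anyone who extracts a key from the shipped application can compute valid MACs, so a signature made with a server-only private key and verified with a public key in the client avoids placing a signing secret on the user's machine.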