Jump to content

Featured Replies

Posted

Web API responses can be easily spoofed. For license management, what do you think is the best approach to encrypt the Web API response so that it's impossible to create a fake response? Is there any built-in functionality for this in IPB or should I use an intermediate script that fetches the data from IPB and then encrypts it?

In terms of submitting a request to the API, you need to pass an API key. This should authenticate the request (meaning you now know “who” submitted the request).  

Check out the authentication section of:
https://invisioncommunity.com/developers/rest-api

If you choose to use SSL/TLS, you have encryption of the request to prevent “man in the middle” attacks where someone could read/intercept the data being exchanged in transit. 

Edited by Randy Calvert

  • Author

Yeah, I am trying to also enforce license validation, so the user cannot set up fake responses to trick the software into thinking their subscription plan is active when its not. I used an intermediate script on our server with a list of pre-determined encryption keys both the server and application have, as well a question / answer scheme, which makes the whole thing pretty secure.

Recently Browsing 0

  • No registered users viewing this page.