Interferon Posted December 10, 2022
Web API responses can be easily spoofed. For license management, what do you think is the best approach to encrypt the Web API response so that it's impossible to create a fake response? Is there any built-in functionality for this in IPB or should I use an intermediate script that fetches the data from IPB and then encrypts it?
Randy Calvert Posted December 10, 2022 (edited)
In terms of submitting a request to the API, you need to pass an API key. This should authenticate the request (meaning you now know “who” submitted the request). Check out the authentication section of: https://invisioncommunity.com/developers/rest-api
If you choose to use SSL/TLS, you have encryption of the request to prevent “man in the middle” attacks where someone could read/intercept the data being exchanged in transit.
Interferon Posted December 11, 2022
Yeah, I am trying to also enforce license validation, so the user cannot set up fake responses to trick the software into thinking their subscription plan is active when it's not. I used an intermediate script on our server with a list of pre-determined encryption keys both the server and application have, as well as a question / answer scheme, which makes the whole thing pretty secure.
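
One way a pre-shared-key plus question/answer scheme like the one described in the post above could look, as an added example that is not the poster's code: the application sends a key id and a fresh random nonce, and the intermediate script returns the licence data with an HMAC-SHA256 computed over that nonce and the body. The key values, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample keys (assumption); a real deployment ships its own key set.
SHARED_KEYS = {1: b"constructed-key-one", 2: b"constructed-key-two"}


def make_challenge():
    """Client side: pick a key id and a fresh random nonce (the 'question')."""
    key_id = secrets.choice(sorted(SHARED_KEYS))
    return key_id, secrets.token_hex(16)


def sign_response(key_id, nonce, payload):
    """Server side (intermediate script): bind the licence data to the nonce."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(SHARED_KEYS[key_id], f"{nonce}.{body}".encode(), hashlib.sha256)
    return {"key_id": key_id, "body": body, "mac": mac.hexdigest()}


def verify_response(key_id, nonce, response):
    """Client side: return the licence data only if the MAC covers our nonce."""
    if response.get("key_id") != key_id:
        return None
    key = SHARED_KEYS.get(key_id)
    body, mac = response.get("body"), response.get("mac")
    if key is None or not isinstance(body, str) or not isinstance(mac, str):
        return None
    expected = hmac.new(key, f"{nonce}.{body}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a replayed or edited response fails here.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    return json.loads(body)
```

Because the keys are embedded in the application, the check only holds while they stay secret; a public-key signature verified with a key that cannot sign removes that dependency.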