Interferon Posted December 10, 2022

Web API responses can be easily spoofed. For license management, what do you think is the best approach to encrypt the Web API response so that it's impossible to create a fake response? Is there any built-in functionality for this in IPB or should I use an intermediate script that fetches the data from IPB and then encrypts it?

Randy Calvert Posted December 10, 2022

In terms of submitting a request to the API, you need to pass an API key. This should authenticate the request (meaning you now know “who” submitted the request). Check out the authentication section of: https://invisioncommunity.com/developers/rest-api

If you choose to use SSL/TLS, you have encryption of the request to prevent “man in the middle” attacks where someone could read/intercept the data being exchanged in transit.

Edited December 10, 2022 by Randy Calvert

Interferon (Author) Posted December 11, 2022

Yeah, I am trying to also enforce license validation, so the user cannot set up fake responses to trick the software into thinking their subscription plan is active when it's not. I used an intermediate script on our server with a list of pre-determined encryption keys both the server and application have, as well as a question / answer scheme, which makes the whole thing pretty secure.
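
A sketch of the kind of shared-key question / answer check described in the last post, as an added example that is not code from any poster or from IPB. The key id `k1`, the key value, the field names and the choice of HMAC-SHA256 as the authentication tag are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key table; the key id and value are assumptions, not from the thread.
SHARED_KEYS = {"k1": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}


def _mac(key: bytes, nonce: str, body: bytes) -> bytes:
    # Bind the answer to the client's question (nonce) and to the exact payload bytes.
    return hmac.new(key, nonce.encode() + b"." + body, hashlib.sha256).hexdigest().encode()


def new_challenge() -> dict:
    """Client side: pick a key id and a fresh random nonce (the "question")."""
    return {"key_id": "k1", "nonce": secrets.token_hex(16)}


def server_respond(challenge: dict, license_state: dict) -> dict:
    """Intermediate script: serialize the license data and tag it (the "answer")."""
    key = SHARED_KEYS[challenge["key_id"]]
    body = json.dumps(license_state, sort_keys=True).encode()
    return {"body": body.decode(), "mac": _mac(key, challenge["nonce"], body).decode()}


def client_verify(challenge: dict, response: dict):
    """Client side: return the license data only if the tag matches this challenge."""
    key = SHARED_KEYS.get(challenge["key_id"])
    body, tag = response.get("body"), response.get("mac")
    if key is None or not isinstance(body, str) or not isinstance(tag, str):
        return None
    expected = _mac(key, challenge["nonce"], body.encode())
    if not hmac.compare_digest(expected, tag.encode()):
        return None  # altered payload, or an answer recorded for an earlier question
    return json.loads(body)


if __name__ == "__main__":
    ch = new_challenge()
    good = server_respond(ch, {"plan": "pro", "active": True})
    print("genuine :", client_verify(ch, good))
    print("tampered:", client_verify(ch, dict(good, body=good["body"].replace("pro", "max"))))
    print("replayed:", client_verify(new_challenge(), good))
```

The fresh nonce is what stops a recorded "active" answer from being served again later. Any key the application ships with can be read out of it by whoever holds the binary, so a signature that the application checks with a public key keeps the signing secret on the server.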