I am designing a REST API as a backend service for the Android app of a startup. The startup currently has a web version of their service with around 10k users. I have a couple of doubts regarding the design of web APIs:
- How do I make my API secure?
I want only the Android client to access the API and no one else. One way would be to send an encrypted token from the front-end and decrypt on the back-end. Is there any other way? Also, how should I implement it?
- How to make my API fast and efficient?
There is a particular endpoint which is accessed very frequently. The information on that endpoint does not change much though. Therefore requests that are made within a short time frame are most likely to return the same response. How do I make the response of such requests faster? Would ETag and Last-Modified do the job?
- Should I trust data from my client?
Currently, when I receive a request with some parameter, the only check I perform on the request is to check whether the parameter is null or not. E.g. if a request has mobile as a parameter, I only check if the mobile parameter is present in the request. I do not perform other checks like checking if the length of mobile is less than 10 and then throwing an exception.
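On the first question ("only the Android client should access the API"): a secret embedded in the APK can be pulled out by anyone who downloads the app, so a client-side encrypted token cannot by itself keep other clients out. What the server can enforce is that every request is made over TLS by an authenticated user, with a token the server issued and can verify. The following is an added example, not code from the original post: a server-side bearer token signed with an HMAC, with the secret, the one-hour lifetime and the user id all being assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: a random secret loaded from server configuration, never shipped in the APK.
SERVER_SECRET = b"example-secret-load-this-from-server-config"
TOKEN_TTL_SECONDS = 3600


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Issue a signed bearer token after the user has logged in (for example with
    the password they already use on the web version). The payload is readable by
    the client; the HMAC stops it from being altered or forged without SERVER_SECRET."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user_id, "exp": int(now) + TOKEN_TTL_SECONDS},
                         separators=(",", ":")).encode("utf-8")
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None.
    Every check happens server-side; the client is never trusted to say who it is."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload = _b64d(payload_b64)
        sig = _b64d(sig_b64)
    except ValueError:  # missing separator or malformed base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak timing information about the signature.
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(payload)
        user_id, exp = claims["sub"], int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return None
    if exp <= now:
        return None
    return user_id


def handle_request(headers: dict, now: Optional[float] = None):
    """Stand-in for a framework's auth middleware: 401 unless a valid token is presented."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None
    user_id = verify_token(auth[len("Bearer "):], now=now)
    if user_id is None:
        return 401, None
    return 200, user_id
```

The token is sent in the Authorization header over HTTPS only; the server never has to store it, because it can recompute the HMAC. Revocation (logout, stolen phone) needs something extra, such as a short lifetime plus a refresh token kept server-side, which this example leaves out.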
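On the second question: ETag and Last-Modified do help, because a client that already holds a copy can send If-None-Match or If-Modified-Since and receive an empty 304 instead of the full body. Below is an added example of that conditional-GET logic, not code from the original post; the sample body, the timestamp and the one-minute Cache-Control value are assumptions, and the "request_headers" dict stands in for whatever framework object the real API uses.

```python
import hashlib
from email.utils import formatdate, parsedate_to_datetime
from typing import Dict, Tuple

Headers = Dict[str, str]


def make_etag(body: bytes) -> str:
    """Strong ETag derived from the representation: identical bodies get identical tags,
    so the tag stays valid however often the endpoint is rebuilt."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _etag_matches(header_value: str, etag: str) -> bool:
    """If-None-Match may list several tags, may use weak tags (W/"..."), or be "*"."""
    for tag in (t.strip() for t in header_value.split(",")):
        if tag == "*":
            return True
        if tag.startswith("W/"):
            tag = tag[2:]
        if tag == etag:
            return True
    return False


def conditional_get(request_headers: Headers, body: bytes,
                    last_modified_ts: int) -> Tuple[int, Headers, bytes]:
    """Return (status, headers, body) for a GET on a rarely changing resource."""
    req = {k.lower(): v for k, v in request_headers.items()}  # header names are case-insensitive
    etag = make_etag(body)
    response_headers = {
        "ETag": etag,
        "Last-Modified": formatdate(last_modified_ts, usegmt=True),
        # Assumption: one minute of staleness is acceptable; the client need not ask at all
        # during that window, and afterwards revalidates with the headers below.
        "Cache-Control": "private, max-age=60",
    }
    if "if-none-match" in req:
        # RFC 7232: when If-None-Match is present, If-Modified-Since is ignored.
        if _etag_matches(req["if-none-match"], etag):
            return 304, response_headers, b""
    elif "if-modified-since" in req:
        try:
            since = parsedate_to_datetime(req["if-modified-since"]).timestamp()
        except (TypeError, ValueError):  # unparsable date: treat as unconditional
            since = None
        if since is not None and last_modified_ts <= since:
            return 304, response_headers, b""
    return 200, response_headers, body
```

Two caveats worth knowing: the server still does the work of producing the body to compute the ETag, so if generating it is the expensive part, cache the body (or its tag) server-side and only hash once per change; and if the response is identical for every user, "public" instead of "private" lets a CDN or reverse proxy answer the 304s without reaching the backend at all.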
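On the third question: no, the client should not be trusted, because anyone can send requests to the API with any tool, not just the app. A presence check is not enough; the server should check type, length and format of every parameter and reject anything it did not expect. The following is an added example, not code from the original post, of such validation for the "mobile" parameter (assumed here to be a 10-digit number, with an optional "page" parameter added to show the same idea for a second field).

```python
import re
from typing import Any, Callable, Dict, Tuple


class ValidationError(ValueError):
    pass


# Assumption: the service's market uses 10-digit mobile numbers; adjust for yours.
MOBILE_DIGITS = 10
MAX_PARAM_LEN = 64  # cap raw input size before doing anything else with it
MOBILE_RE = re.compile(r"[0-9]{%d}" % MOBILE_DIGITS)  # ASCII digits only


def validate_mobile(raw: Any) -> str:
    if not isinstance(raw, str):  # JSON clients can send a number, a list, null...
        raise ValidationError("mobile must be a string")
    if len(raw) > MAX_PARAM_LEN:
        raise ValidationError("mobile is too long")
    cleaned = re.sub(r"[ \-()]", "", raw)  # tolerate common formatting characters
    # str.isdigit() and int() also accept Unicode digits, whitespace and underscores,
    # so use an explicit ASCII regex with fullmatch rather than those shortcuts.
    if MOBILE_RE.fullmatch(cleaned) is None:
        raise ValidationError("mobile must be exactly %d digits" % MOBILE_DIGITS)
    return cleaned


def validate_page(raw: Any) -> int:
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise ValidationError("page must be an integer")
    if isinstance(raw, str):
        if re.fullmatch(r"[0-9]{1,6}", raw) is None:
            raise ValidationError("page must be an integer")
        raw = int(raw)
    if not 1 <= raw <= 100000:
        raise ValidationError("page out of range")
    return raw


Schema = Dict[str, Tuple[bool, Callable[[Any], Any]]]  # field -> (required, validator)
SCHEMA: Schema = {"mobile": (True, validate_mobile), "page": (False, validate_page)}


def validate_request(params: Dict[str, Any], schema: Schema = SCHEMA) -> Dict[str, Any]:
    """Return canonicalised parameters, or raise ValidationError listing every problem.
    Unknown fields are rejected too, so a caller cannot smuggle in extra keys."""
    errors = []
    clean = {}
    for name in params:
        if name not in schema:
            errors.append("unexpected parameter: %s" % name)
    for name, (required, validator) in schema.items():
        if name not in params:
            if required:
                errors.append("%s is required" % name)
            continue
        try:
            clean[name] = validator(params[name])
        except ValidationError as e:
            errors.append(str(e))
    if errors:
        raise ValidationError("; ".join(errors))
    return clean


def check_request(params: Dict[str, Any], schema: Schema = SCHEMA) -> Tuple[bool, Any]:
    """Non-raising wrapper: (True, clean_params) or (False, error message) for a 400 response."""
    try:
        return True, validate_request(params, schema)
    except ValidationError as e:
        return False, str(e)
```

The canonicalised value (digits only) is what gets stored and compared, so "98765 43210" and "9876543210" are the same number to the backend. Validation is a layer in front of, not a replacement for, parameterised database queries and output escaping.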