Hello, I have a PHP server.
I access the page from my Android application and receive data in JSON format. This JSON can fall into the hands of any person, for example, if they find out the address to which the GET request is being sent.
I was advised to authorize the application with the issuance of a token.
I cannot find information on this topic.
Where to start?
Drop a couple of articles please, thanks.
Answer 1, authority 100%
It’s not difficult here.
1) Each application has a guid.
2) You do authorization in your application (for example, by email + password) and record the authorization for this application (guid) in the database, generating an arbitrary token (any key, usually a string), for example, md5 of email + time().
3) When accessing the private parts of your API, you pass the guid + token, and your application checks whether the token for this guid exists (and is not closed, because you can set it to expire, or close it when logging the user out of the application), then issues a response, and if it is closed, sends the user to authorization.
This is a very general mechanism, just to explain how it works. In fact, someone complicates things, someone changes something, someone leaves it as it is. For example, instead of writing your own authorization, you can use OAuth. Although, writing your own is not particularly difficult ;)
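The three steps from Answer 1, sketched in PHP as an added example that is not part of the original answer. Assumptions: the `TokenStore` class and its in-memory array are hypothetical stand-ins for the database table, the guid is a constructed value, and the token comes from `random_bytes()` rather than md5 of email + time(), because that value can be recomputed by anyone who knows the email and the approximate login time.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for the database table (guid => token hash + expiry).
final class TokenStore
{
    private array $rows = [];

    // Step 2: called after the email + password check has succeeded.
    public function issue(string $guid, int $ttl = 3600, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
        $this->rows[$guid] = [
            'hash'    => hash('sha256', $token),   // store only the hash, not the token
            'expires' => ($now ?? time()) + $ttl,  // token closes itself after $ttl seconds
        ];
        return $token;                             // returned to the app once
    }

    // Step 3: called on every request to a private part of the API.
    public function verify(string $guid, string $token, ?int $now = null): bool
    {
        $row = $this->rows[$guid] ?? null;
        if ($row === null || ($now ?? time()) >= $row['expires']) {
            return false;                          // unknown guid, closed or expired token
        }
        // hash_equals compares in constant time, so timing does not leak the hash.
        return hash_equals($row['hash'], hash('sha256', $token));
    }

    // Logout closes the token for this guid.
    public function revoke(string $guid): void
    {
        unset($this->rows[$guid]);
    }
}

// Constructed sample run; $now is passed explicitly so the outcome is repeatable.
$store = new TokenStore();
$guid  = 'constructed-guid-0001';
$token = $store->issue($guid, 3600, 1000);

var_dump($store->verify($guid, $token, 1500));     // correct token, inside its lifetime
var_dump($store->verify($guid, 'guessed', 1500));  // wrong token for this guid
var_dump($store->verify($guid, $token, 5000));     // correct token, after expiry
$store->revoke($guid);
var_dump($store->verify($guid, $token, 1500));     // correct token, after logout
```

When `verify()` returns false the API should answer with an authorization error so the app sends the user back to login, as step 3 describes.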