I have a question regarding the security of cross-domain applications ...
It is as follows, in case I have a hybrid APP that will run on a smartphone and will make requestsajax
cross-domain
to an api (in this case multiple .php
files) that are hosted on any site, how can I ensure that only my APP will consume these services?
Would it be using session
?
I know that there are also several hosting control panels that offer password protection of the domain folders, but this would mean that every time the APP was opened, the user had to enter that password for the site, which is not interesting.
Anyway, any ideas? Thank you.