{"id":462,"date":"2013-09-27T17:58:39","date_gmt":"2013-09-27T12:28:39","guid":{"rendered":"https:\/\/www.innovationm.com\/blog\/?p=462"},"modified":"2023-01-20T18:56:06","modified_gmt":"2023-01-20T13:26:06","slug":"secure-web-service-integration-in-mobile-apps","status":"publish","type":"post","link":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/","title":{"rendered":"Secure Web Service integration in Mobile Apps"},"content":{"rendered":"

Web services have gained lot of importance lately. From mobile apps perspective, native apps (Andorid, iOS, Windows Phone, etc.) or HTML5\/JS Frameworks like Sencha Touch need to talk to the web services to get the data and push the data. How do we ensure that request sent to web services is from authenticated client?<\/p>\n

For our discussion, I will be talking about Mobile applications integrating with web services.<\/p>\n

Concept of Signature and Signed Request<\/span><\/h1>\n

Let us first understand the basic concept of Signature and Signed Request.\u00a0Application sending HTTP request to web services need to be secured in the sense that only requests from authenticated clients are allowed.<\/span><\/p>\n

Mobile app sends HTTP request to web service (REST API). We need to piggy back on HTTP Request to make an authenticated request.<\/span>\u00a0To prepare an authenticated request, it requires three steps:<\/span><\/p>\n

(i) Prepare a String
\n(ii) Encrypt the String (Called as Signature)
\n(iii) Place the Signature in the request sent to the server (Referred as Signed Request)<\/span><\/p>\n

Authentication and User Authorization<\/span><\/h1>\n

There will be two level of Security while integrating with web services:<\/p>\n

1. Authentication of request
\n2. Authentication of request along with user authorization<\/p>\n

1.\u00a0<\/strong><\/span>Authentication of a Request<\/strong><\/span><\/h3>\n

When request is received by the web service then it should be generated from an authenticated client. Here the authenticated client is Mobile Application. Let us see how we can secure the request.\u00a0Here are the steps:<\/p>\n

1.1 Generation of Signature<\/span> <\/strong>– Both \u00a0client (mobile application) and server will generate signature in similar way by using hashing algorithm (Hmac-sha1) and Base64<\/span> encoding. Follow the steps to generate signature:<\/p>\n

(i) Prepare a string (Text). This string will be a combination of following elements in pre-determined order.<\/p>\n

    \n
  1. Client Unique Id – Unique Id of application generated by app developer<\/li>\n
  2. Http-Verb \u00a0– Every HTTP request carries this method. Ex –\u00a0GET, POST, PUT, DELETE, etc.<\/li>\n
  3. Content-Type – Type of content in the HTTP Request body.<\/li>\n
  4. Date (Time Stamp)<\/li>\n
  5. Canonical Resource (URL) – Part of URL without the server name and port.<\/li>\n<\/ol>\n

    Let us take some sample data:<\/p>\n

      \n
    1. Client Unique Id – Generate a UUID<\/strong><\/li>\n
    2. Http-Verb – POST<\/strong><\/li>\n
    3. Content-type – \u00a0application\/x-www-form-urlencoded<\/strong><\/li>\n
    4. Date (Time stamp) – 09\/26\/2013 15:55:40<\/strong><\/li>\n
    5. Canonical Resource (URL) –\u00a0\/SecurityTest\/framework\/login<\/strong><\/li>\n<\/ol>\n

      Concatenated String<\/span> – UUID + POST + application\/x-www-form-urlencode + 09\/26\/2013 15:55:40 + \/SecurityTest\/framework\/login<\/p>\n

      Concatenated String is ready<\/span> \u00a0– UUIDPOSTapplication\/x-www-form-urlencode09\/26\/2013 15:55:40\/SecurityTest\/framework\/login<\/p>\n

      (ii) After preparing the string, you can then use your “SECRET \u00a0KEY” to convert the above string into encrypted string by doing a one way hash of the string. \u00a0This is also referred as keyed-HMAC (Hash Message Authentication Code)<\/strong> and the encrypted string is the output of the HMAC. Informally, we call this process “Signing The Request,” and we call the output of the HMAC algorithm the “Signature”.\u00a0This Secret key is known to app developer and server.<\/p>\n

      HMAC (Encrypted String)<\/span> – \u00a0\u00c8l\u009a#\u00d7\u00acu\u00d9\u00b8-\u00c2?FU\u00f5\u00d6<\/p>\n

      (iii) <\/span>When the data has to be sent on a network in HTTP Request then it has to be encoded using Base64 encoding.\u00a0Convert it in\u00a0Base64<\/strong>\u00a0encoded string and this is the signature.<\/span><\/p>\n

      Signature after Base64 Encoding<\/span>\u00a0– <BmOnrZIU7htDqIFHliXiNID75pE=><\/span><\/p>\n

      Sample Code for generating signature in Java (Android):<\/strong><\/span>
      \n<\/span><\/p>\n

      \/* Here we can choose the algorithm*\/\r\nSecretKeySpec signingKey = new SecretKeySpec(SEKRET_KEY.getBytes(\"UTF-8\"), HMAC_SHA1_ALGORITHM);\r\n\r\nMac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);\r\nmac.init(signingKey);\r\n\r\nbyte[] rawHmac = mac.doFinal(stringToSign.getBytes(\"UTF-8\"));\r\n\r\n\/* Here applying the Base64 encoding *\/\r\nbyte[] encoded = Base64.encodeBase64(rawHmac);\r\n\r\n\/* resultString is Base64 encoded HMAC *\/\r\nresultString =new String(encoded,\"UTF-8\");<\/pre>\n
      Sample Code for generating signature in\u00a0Objective C<\/strong> using Category on \u00a0NSData for Base64 encoding:<\/p>\n
      \/* Here we can choose the algorithm *\/\r\nNSData *keyData = [@\"SECRET_KEY\" dataUsingEncoding:NSUTF8StringEncoding];\r\n\r\nNSData *textData = [stringToSign dataUsingEncoding:NSUTF8StringEncoding];\r\n\r\nuint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};\r\n\r\nCCHmacContext hmacContext;\r\n\r\nCCHmacInit(&hmacContext, kCCHmacAlgSHA1, keyData.bytes, keyData.length);\r\n\r\nCCHmacUpdate(&hmacContext, textData.bytes, textData.length);\r\n\r\nCCHmacFinal(&hmacContext, digest);\r\n\r\n\/* out is HMAC *\/\r\nNSData *out = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];\r\n\r\n\/* resultString is Base64 encoded HMAC *\/\r\nNSString *resultString = [out base64EncodedString];<\/pre>\n
      1.2 Preparing request\u00a0<\/strong><\/span><\/p>\n
      After preparing signature, you will have to prepare request at client (Mobile Application) end. HTTP\u00a0Authorization<\/code>\u00a0header of HTTP Request is used to carry the signature. Authorization header looks like the following:<\/p>\n
      Authorization: IMWS CLIENT_UNIQUE_ID:Signature\r\n\r\nIMWS - It is just a text that identifies that this is our signature\r\nSignature - Base64 encoded string<\/code><\/em><\/pre>\n
      1.3<\/strong>\u00a0Web services authenticating the request<\/b><\/span><\/span><\/p>\n
      At server side, web service receives \u00a0the request. It extracts the signature prepared by client (Mobile Application) that is part of Authorization header in request. Server prepares the same Signature as prepared by Mobile app by extracting information from HTTP Request headers. Server and client (Mobile Application) share the same Secret Key. After generating signature, server compares both signature from client (Mobile Application) and itself and authenticates successfully if they match.<\/p>\n
      Now request is validated as coming from authentic client.<\/span><\/p>\n
      Other Security\u00a0considerations:<\/b><\/p>\n
        \n
      • The client (Mobile Application) time stamp included with an authenticated request must be within 10-15 minutes of the Server time when the request is received. \u00a0If not, the request will fail. The intention of these restrictions is to limit the possibility that intercepted requests could be replayed by an adversary.<\/li>\n
      • For stronger protection against eavesdropping, use the HTTPS transport for authenticated requests.<\/li>\n<\/ul>\n
        2.\u00a0<\/strong><\/span>Authentication of request along with user authorization<\/strong><\/span><\/h3>\n
        Here user has logged into the app and we need to place a mechanism wherein all the subsequent requests from the app will be authorized by the server. We cannot pass login credentials in every subsequent requests.<\/p>\n
        There is a concept of Access Token<\/strong>. When user logs in then Access Token<\/strong> is generated by the server for authorized user. Let us see how Authenticated Requests and User Authorization works together:<\/p>\n
        2.1 Generation of Signature\u00a0<\/strong><\/span><\/p>\n
        <\/strong>Signature generation is similar as described above for authenticated client.<\/p>\n
        2.2 Preparing request\u00a0<\/strong><\/span><\/p>\n
        User logs in and server generates Access Token returning that to client. This access token will be sent for all subsequent requests in Authorization header.<\/p>\n
        Authorization header for Authenticated client and Authorized user looks like this:<\/p>\n
        Authorization:IMWS CLIENT_UNIQUE_ID:ACCESS_TOKEN:Signature\r\nACCESS_TOKEN - Sent by server<\/pre>\n
        2.3<\/strong>\u00a0Authenticating the request and user\u00a0<\/strong><\/span><\/p>\n
        So basically, two things will happen now:<\/p>\n
        (i) Check whether the request is coming from authenticated client and
        \n(ii) Authorized user is sending the request.<\/p>\n
        At server side, when web service receives \u00a0the request, It will extract the signature and authenticates the client (Same way as described earlier). Also, it extracts the ACCESS_TOKEN that is part of Authorization header. It validates the ACCESS_TOKEN against expiration and modification of token.<\/p>\n
        Generation of Access Token for authorized user at the server\u00a0<\/strong><\/p>\n
        Access Token is generated\u00a0\u00a0using Hmac-sha1<\/span>\u00a0algorithm and\u00a0Base64<\/span>\u00a0 encoding\u00a0and AES encryption. Here are the steps:<\/p>\n
        (i) You will have to prepare string. String will be combination of following elements in predetermined order with “+” as delimiter.<\/p>\n
          \n
        1. User Id<\/strong> – id of user that identifies the user in the database.<\/li>\n
        2. Current date and time<\/strong> in milliseconds<\/li>\n
        3. Expiration time<\/strong> – Current date and time + Expiration period (60 days or whatever you want in milliseconds)<\/li>\n
        4. Role of the user<\/strong> (if you want to set some permissions for server to use)<\/li>\n<\/ol>\n
          Output<\/span> – Concatenated Sting (Let us call this as S1)<\/p>\n
          (ii) After preparing the string,\u00a0calculate\u00a0HMAC<\/strong>\u00a0(One way hash) of string \u00a0by using\u00a0SECRET KEY<\/strong>, then convert it in\u00a0\u00a0string with UTF-8 format. Result String will be the signature for ACCESS_TOKEN.<\/p>\n
          Output<\/span>\u00a0– Signature \/ Encrypted String (Let us call this as S2)<\/p>\n
          (iii) We now need to concatenate the Signature (S2) and Concatenated String (S1).\u00a0Then the concatenated string will be encrypted by AES encryption algorithm using your KEY, then convert it in\u00a0Base64<\/strong>\u00a0encode string.<\/p>\n
          Output<\/span> – Encrypted S1 + S2 (Let us call this as S3)<\/p>\n
          \/* Encrypting the string *\/\r\n\r\nCipher cipher = Cipher.getInstance(\"AES\/CBC\/PKCS5Padding\", \"SunJCE\");\r\nSecretKeySpec key = new SecretKeySpec(KEY.getBytes(\"UTF-8\"),\"AES\");\r\ncipher.init(Cipher.ENCRYPT_MODE,key,new IvParameterSpec(IV.getBytes(\"UTF-8\")));\r\nbyte[] rawEnc = cipher.doFinal(stringToEncrpt.getBytes(\"UTF-8\"));\r\nbyte[] encoded = Base64.encodeBase64(rawEnc);\r\n\r\n\/* resultString is Encrypted string*\/\r\nresultString =new String(encoded,\"UTF-8\");<\/pre>\n
          (iv) To add more security, S3 is now pre-fixed with 4 character variable string generated from a random number, then resulted string will be the ACCESS TOKEN.<\/p>\n
          token = UUID.randomUUID().toString().substring(0,4) + new String(encryptedString,\"UTF-8\");<\/pre>\n
          We can validate the ACCESS TOKEN against the expiration and modification by Decrypting using AES algorithm using same key used for encryption. We can check expiration time for expiration validation and signature for ACCESS_TOKEN validation.<\/span><\/p>\n
          Have fun!!!!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
          Web services have gained lot of importance lately. From mobile apps perspective, native apps (Andorid, iOS, Windows Phone, etc.) or HTML5\/JS Frameworks like Sencha Touch need to talk to the web services to get the data and push the data. How do we ensure that request sent to web services is from authenticated client? For […]<\/p>\n","protected":false},"author":1,"featured_media":893,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,3,71,8,102],"tags":[67,66,159,104,68,64,65,14,160,165,103,59,69],"class_list":["post-462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","category-ios","category-mobile","category-mobile-architecture-and-design","category-web-service","tag-accesstoken","tag-aes-encryption","tag-android","tag-authentication","tag-authorization-framework","tag-base64","tag-hmac-sha1","tag-innovationm","tag-ios","tag-mobile","tag-web-service-2","tag-webservice","tag-webservice-security-framework"],"yoast_head":"\nSecure Web Service integration in Mobile Apps | InnovationM Blog<\/title>\n<meta name=\"description\" content=\"Process of integrating mobile applications with web services.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Web Service integration in Mobile Apps | InnovationM Blog\" \/>\n<meta property=\"og:description\" content=\"Process of integrating mobile applications with web services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"InnovationM - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-09-27T12:28:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-20T13:26:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png\" \/>\n\t<meta property=\"og:image:width\" content=\"615\" \/>\n\t<meta property=\"og:image:height\" content=\"243\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"InnovationM Admin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InnovationM Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/\"},\"author\":{\"name\":\"InnovationM Admin\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/#\\\/schema\\\/person\\\/a831bf4602d69d1fa452e3de0c8862ed\"},\"headline\":\"Secure Web Service integration in Mobile Apps\",\"datePublished\":\"2013-09-27T12:28:39+00:00\",\"dateModified\":\"2023-01-20T13:26:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/\"},\"wordCount\":1192,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/09\\\/innovationm-secure-webservice-integration-mobile-app.png\",\"keywords\":[\"AccessToken\",\"AES Encryption\",\"Android\",\"Authentication\",\"Authorization framework\",\"Base64\",\"HMAC-SHA1\",\"InnovationM\",\"iOS\",\"Mobile\",\"web service\",\"WebService\",\"Webservice security framework\"],\"articleSection\":[\"Android\",\"iOS\",\"Mobile\",\"Mobile Architecture and Design\",\"Web service\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/\",\"url\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/\",\"name\":\"Secure Web Service integration in Mobile Apps | InnovationM Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/09\\\/innovationm-secure-webservice-integration-mobile-app.png\",\"datePublished\":\"2013-09-27T12:28:39+00:00\",\"dateModified\":\"2023-01-20T13:26:06+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/#\\\/schema\\\/person\\\/a831bf4602d69d1fa452e3de0c8862ed\"},\"description\":\"Process of integrating mobile applications with web services.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/09\\\/innovationm-secure-webservice-integration-mobile-app.png\",\"contentUrl\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/09\\\/innovationm-secure-webservice-integration-mobile-app.png\",\"width\":615,\"height\":243,\"caption\":\"InnovationM Secure Webservice Integration Mobile Apps\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/secure-web-service-integration-in-mobile-apps\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Web Service integration in Mobile Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/\",\"name\":\"InnovationM - Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/#\\\/schema\\\/person\\\/a831bf4602d69d1fa452e3de0c8862ed\",\"name\":\"InnovationM Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g\",\"caption\":\"InnovationM Admin\"},\"sameAs\":[\"http:\\\/\\\/www.innovationm.com\\\/\"],\"url\":\"https:\\\/\\\/www.innovationm.com\\\/blog\\\/author\\\/innovationmadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure Web Service integration in Mobile Apps | InnovationM Blog","description":"Process of integrating mobile applications with web services.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/","og_locale":"en_US","og_type":"article","og_title":"Secure Web Service integration in Mobile Apps | InnovationM Blog","og_description":"Process of integrating mobile applications with web services.","og_url":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/","og_site_name":"InnovationM - Blog","article_published_time":"2013-09-27T12:28:39+00:00","article_modified_time":"2023-01-20T13:26:06+00:00","og_image":[{"width":615,"height":243,"url":"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png","type":"image\/png"}],"author":"InnovationM Admin","twitter_misc":{"Written by":"InnovationM Admin","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#article","isPartOf":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/"},"author":{"name":"InnovationM Admin","@id":"https:\/\/www.innovationm.com\/blog\/#\/schema\/person\/a831bf4602d69d1fa452e3de0c8862ed"},"headline":"Secure Web Service integration in Mobile Apps","datePublished":"2013-09-27T12:28:39+00:00","dateModified":"2023-01-20T13:26:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/"},"wordCount":1192,"commentCount":0,"image":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png","keywords":["AccessToken","AES Encryption","Android","Authentication","Authorization framework","Base64","HMAC-SHA1","InnovationM","iOS","Mobile","web service","WebService","Webservice security framework"],"articleSection":["Android","iOS","Mobile","Mobile Architecture and Design","Web service"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/","url":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/","name":"Secure Web Service integration in Mobile Apps | InnovationM Blog","isPartOf":{"@id":"https:\/\/www.innovationm.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#primaryimage"},"image":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png","datePublished":"2013-09-27T12:28:39+00:00","dateModified":"2023-01-20T13:26:06+00:00","author":{"@id":"https:\/\/www.innovationm.com\/blog\/#\/schema\/person\/a831bf4602d69d1fa452e3de0c8862ed"},"description":"Process of integrating mobile applications with web services.","breadcrumb":{"@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#primaryimage","url":"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png","contentUrl":"https:\/\/www.innovationm.com\/blog\/wp-content\/uploads\/2013\/09\/innovationm-secure-webservice-integration-mobile-app.png","width":615,"height":243,"caption":"InnovationM Secure Webservice Integration Mobile Apps"},{"@type":"BreadcrumbList","@id":"https:\/\/www.innovationm.com\/blog\/secure-web-service-integration-in-mobile-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.innovationm.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure Web Service integration in Mobile Apps"}]},{"@type":"WebSite","@id":"https:\/\/www.innovationm.com\/blog\/#website","url":"https:\/\/www.innovationm.com\/blog\/","name":"InnovationM - Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.innovationm.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.innovationm.com\/blog\/#\/schema\/person\/a831bf4602d69d1fa452e3de0c8862ed","name":"InnovationM Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c99d9eece9dfbc82297cf34ddd58e9fe05bb52fe66c8f6bf6c0a45bfb6d7629?s=96&r=g","caption":"InnovationM Admin"},"sameAs":["http:\/\/www.innovationm.com\/"],"url":"https:\/\/www.innovationm.com\/blog\/author\/innovationmadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/posts\/462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/comments?post=462"}],"version-history":[{"count":0,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/posts\/462\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/media\/893"}],"wp:attachment":[{"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/media?parent=462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/categories?post=462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.innovationm.com\/blog\/wp-json\/wp\/v2\/tags?post=462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}