Can some one hack API calls of React Native or any traditional JS Native Apps












0















Let say i have a post api call like this



fetch('https://mywebsite.com/endpoint/', {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
firstParam: 'yourValue',
secondParam: 'yourOtherValue',
}),
});


can some one decode this android react app via dex2jar and something like this and snipe the apis calls..



how can we secure the api calls via server side auth and also from snipping










share|improve this question



























    0















    Let say i have a post api call like this



    fetch('https://mywebsite.com/endpoint/', {
    method: 'POST',
    headers: {
    Accept: 'application/json',
    'Content-Type': 'application/json',
    },
    body: JSON.stringify({
    firstParam: 'yourValue',
    secondParam: 'yourOtherValue',
    }),
    });


    can some one decode this android react app via dex2jar and something like this and snipe the apis calls..



    how can we secure the api calls via server side auth and also from snipping










    share|improve this question

























      0












      0








      0








      Let say i have a post api call like this



      fetch('https://mywebsite.com/endpoint/', {
      method: 'POST',
      headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      },
      body: JSON.stringify({
      firstParam: 'yourValue',
      secondParam: 'yourOtherValue',
      }),
      });


      can some one decode this android react app via dex2jar and something like this and snipe the apis calls..



      how can we secure the api calls via server side auth and also from snipping










      share|improve this question














      Let say i have a post api call like this



      fetch('https://mywebsite.com/endpoint/', {
      method: 'POST',
      headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      },
      body: JSON.stringify({
      firstParam: 'yourValue',
      secondParam: 'yourOtherValue',
      }),
      });


      can some one decode this android react app via dex2jar and something like this and snipe the apis calls..



      how can we secure the api calls via server side auth and also from snipping







      reactjs api react-native proguard dex2jar






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 16 '18 at 6:57









      user9092050user9092050

      74




      74
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab.



          However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two :




          • Cors


          • Authorization Header`






          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53332881%2fcan-some-one-hack-api-calls-of-react-native-or-any-traditional-js-native-apps%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab.



            However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two :




            • Cors


            • Authorization Header`






            share|improve this answer




























              0














              Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab.



              However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two :




              • Cors


              • Authorization Header`






              share|improve this answer


























                0












                0








                0







                Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab.



                However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two :




                • Cors


                • Authorization Header`






                share|improve this answer













                Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab.



                However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two :




                • Cors


                • Authorization Header`







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 16 '18 at 9:57









                Fabien GreardFabien Greard

                1,2591621




                1,2591621
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53332881%2fcan-some-one-hack-api-calls-of-react-native-or-any-traditional-js-native-apps%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Florida Star v. B. J. F.

                    Danny Elfman

                    Lugert, Oklahoma