Hi all. I’m writing an app which talks to my backend. The backend also has a portal where users can sign in with a username/password. I want the users to sign in also on the app, so that the app can make authenticated requests to the server.

What is the best practice for making authenticated API calls? Do I store the username/password on the device and send it on every API request?

Do I generate a token based on the username/password, which I then save on the device and use on every request?

How about the token expiration? Basically I want the user to only sign in once, unless they uninstall the app, so do I make it a non-expiring token? I’m thinking a refresh token & access token might be too much. I’m planning to use HTTPS for the backend and maybe SSL pinning for the app, so I’m not that worried about someone stealing the token.

How do you do it?
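As an added illustration (not part of the thread, and not any particular framework's API), the following Python sketch shows the pattern the question circles around: the app never keeps the password; the backend verifies it once, stores only hashes of the tokens it hands out, and issues a short-lived access token plus a longer-lived refresh token. Rotating the refresh token on every use means that if a copy is ever replayed, the whole token family can be revoked and the user simply signs in again. Class and function names, the TTL values and the constructed `alice` account are all assumptions made for the example.

```python
"""Opaque bearer tokens with expiry and refresh-token rotation (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ACCESS_TTL = 15 * 60            # access token lifetime in seconds (assumed value)
REFRESH_TTL = 90 * 24 * 3600    # refresh token lifetime in seconds (assumed value)


@dataclass
class Record:
    user: str
    expires_at: float
    family: str          # every token descended from one login shares a family id


def _digest(token: str) -> str:
    # Only a hash is stored server-side, so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def make_user(password: str):
    """Constructed helper: salt + PBKDF2 hash for a demo user record."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TokenService:
    def __init__(self, users: dict, clock):
        # users: username -> (salt, pbkdf2 hash); clock: callable returning epoch seconds
        self.users = users
        self.clock = clock
        self.access = {}            # digest(access token) -> Record
        self.refresh = {}           # digest(refresh token) -> Record
        self.spent_refresh = {}     # digest of an already-rotated refresh token -> family
        self.revoked_families = set()

    def _issue(self, user: str, family: str):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        now = self.clock()
        self.access[_digest(access)] = Record(user, now + ACCESS_TTL, family)
        self.refresh[_digest(refresh)] = Record(user, now + REFRESH_TTL, family)
        return access, refresh

    def login(self, username: str, password: str):
        """Password is checked exactly once; the device then keeps only the tokens."""
        entry = self.users.get(username)
        if entry is None:
            return None
        salt, expected = entry
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(got, expected):
            return None
        return self._issue(username, secrets.token_hex(8))

    def authenticate(self, authorization_header: str):
        """Validate an 'Authorization: Bearer <token>' header; returns the username or None."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            return None
        rec = self.access.get(_digest(token))
        if rec is None or rec.family in self.revoked_families or rec.expires_at <= self.clock():
            return None
        return rec.user

    def refresh_tokens(self, refresh_token: str):
        """Exchange a refresh token for a new pair; a replayed one revokes its family."""
        d = _digest(refresh_token)
        if d in self.spent_refresh:
            # The same refresh token presented twice means a copy exists somewhere.
            self.revoked_families.add(self.spent_refresh[d])
            return None
        rec = self.refresh.pop(d, None)
        if rec is None or rec.family in self.revoked_families or rec.expires_at <= self.clock():
            return None
        self.spent_refresh[d] = rec.family
        return self._issue(rec.user, rec.family)
```

On the device, the access token goes in the `Authorization` header of each request and the refresh token lives in the platform keystore; a 401 on an expired access token triggers one call to `refresh_tokens`, so the user still only signs in once, while the server keeps the ability to cut a stolen token off without waiting for a multi-year expiry.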

