The easiest way to accept POST request only from my Android App in Flask : Forums : PythonAnywhere

The easiest way to accept POST request only from my Android App in Flask

Hi guys, I already have a REST API in Flask which manages data coming from my Android App (which is a Game, so no user login and password, just score, checkpoint, and so on) and sends them to a database. However, even using Postman, for instance, you can send a POST request (if you know the URL of course). I would like to enable the request only from my Game App, once installed on a device. The URL to POST data is pretty hard to figure out since it's pretty deep, but I don't know if it's enough to prevent requests from a third party.

deleted-user-9619366 | 40 posts | Feb. 10, 2021, 10:28 a.m. | permalink

not sure if there's a good way to do that. but perhaps you could have login / auth credentials for each user / app installed, and then ignore anything that is not authenticated?

conrad | 4232 posts | PythonAnywhere staff | Feb. 10, 2021, 12:51 p.m. | permalink

The problem is that I don't want to ask user to login when in-game. But maybe I could use some kind of automated log in. I can use some sort of device ID, automatically detected, and use it as a credential. I don't know ahah

deleted-user-9619366 | 40 posts | Feb. 10, 2021, 3:35 p.m. | permalink