Search code examples
javascriptangularsecurityionic-frameworkpenetration-testing

Secured connection between app and server

I try these code to connect my ionic app to apiserver (get)

    import { Injectable } from '@angular/core';
    import { HttpClient } from '@angular/common/http';
    import { Observable } from 'rxjs';
    import { map } from 'rxjs/operators';

    @Injectable({
      providedIn: 'root'
    })
    export class EncryptionService {

      url = 'https://api.am....com';
      api-key='......'

      constructor(private http: HttpClient) { }

      newcheck(checkid: string ,cost: string,toname: string,tocode: string,passcode: string,date: string,checkfor: string,back: string): {
          return this.http.get(`${this.url}?key=${this.api-key}&checkid=${encodeURI(checkid)}`);
      }
    }

my API has API key and get data in URL

  1. how can i perform these in the secured way? for example to prevent someone to listen and monitor transferred data between app and server?
  2. prevent someone to distract and fake received data by app?
  3. or, anything to make this connection secured
Solution

  • It looks like you're already using https which is encrypted. A man in the middle attack should be prevented by default since browsers verify the certificate chain automatically.

    I recommend reading this guide about https.