Flutter REST API Security

107

Can a user decompile the APK and get the REST API key and write into my database with Postman or something like that?

If you don't share your APK which is generated in debug mode, it won't be easy to access your API key. You should always consider building your APK in release mode. And you can obfuscate your APK too.

Author by

knnkrt7

Updated on December 25, 2022

Comments

  • knnkrt7
    knnkrt7 over 1 year

    I'm using a REST API key in my Flutter project in the lib folder, so is there any chance for someone to decompile the APK and see my API key? Is it secured?

    • mousetail
      mousetail over 3 years
      Yes, you should generate an API key for every user of your app
    • knnkrt7
      knnkrt7 over 3 years
      Thank you for the answer. Can a user decompile the APK and get the REST API key and write into my database with Postman or something like that?
    • mousetail
      mousetail over 3 years
      Even if they couldn't, a user can intercept all web traffic. SSL does not protect you when other apps can read your memory.
    • knnkrt7
      knnkrt7 over 3 years
      So what's the solution to protect my data from all attempts?
    • mousetail
      mousetail over 3 years
      You should never give sensitive data to the client. Either have your own API that has authentication and proxies the third-party API, or, if you cannot, give each user their own key to the third-party API and limit the permissions.
    • Joy Terence
      Joy Terence over 3 years
      In case of mobile clients, you can save sensitive data such as token, api_key... in Keychain (iOS) or in Keystore (Android). To achieve this in Flutter, have a look at flutter_secure_storage
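
The proxy approach suggested in the comments above, sketched server-side as an added example that is not part of the original thread: the app only ever holds a short-lived, scoped per-user token, and the third-party key stays on the server. The key values, scope names, `Bearer` header format and the `send` callable are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: both secrets live only on the server (for example loaded from
# environment variables) and are never compiled into the APK. Constructed values.
THIRD_PARTY_API_KEY = "constructed-upstream-key"
TOKEN_SIGNING_KEY = b"constructed-server-signing-key"

def _sign(payload: bytes) -> str:
    return hmac.new(TOKEN_SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def issue_token(user_id, scopes, ttl=900, now=None):
    """Issued after login; this token is all the mobile client stores."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "scopes": scopes, "exp": int(now + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Constant-time comparison; the body is decoded only after it verifies.
    if not hmac.compare_digest(_sign(body.encode()).encode(), sig.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > now else None

def proxy_request(token, method, path, send, now=None):
    """Authorize the caller, then forward upstream with the server-held key.

    `send(method, path, headers)` is a hypothetical callable that performs
    the real HTTP call to the third-party API.
    """
    claims = verify_token(token, now)
    if claims is None:
        return {"status": 401, "error": "invalid or expired token"}
    needed = "read" if method == "GET" else "write"
    if needed not in claims["scopes"]:
        return {"status": 403, "error": "scope '%s' required" % needed}
    headers = {"Authorization": "Bearer " + THIRD_PARTY_API_KEY}
    body = send(method, path, headers)  # the key is attached only here
    return {"status": 200, "user": claims["sub"], "body": body}
```

A token pulled out of the app or intercepted in transit is limited to its scopes and expires, and it can be revoked per user without rotating the third-party key.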