3 Replies - 480 Views - Last Post: 02 August 2018 - 09:47 AM

#1 jlis

How do I authenticate between mobile app and server?

Posted 02 August 2018 - 02:42 AM

Good morning,

I'm looking for some advice.

I'm in the process of developing a platform. The platform consists of many elements, but essentially, in a nutshell, I'm providing food takeaway establishments with their own iOS and Android mobile applications (that their customers can download and make food orders). I have an 'admin portal' that the takeaway owners log into and make menu changes, and those changes are reflected on the mobile applications in real time. All of this works great.

My problem is, I have no idea how to verify payments...

My plan was to use the Apple Pay SDK (and equivalent for Android), and make a payment to Stripe (a company which handles and verifies transactions), who would then return a verified payment key to the app. From there, though, I'm lost.

If I create an orders table on my server, what's preventing people inserting false orders in there, even with a fake Stripe verified transaction?

My question is really around, how do I prevent malicious inserts into the orders table where I handle incoming verified orders?

Any advice on this would be great.

P.S - I'm happy to have all the orders handled by a company if anybody knows of any. I just want a way of sending payments, along with a list of items selected within my app and also pass over the customer details such as delivery address.

Cheers,

This post has been edited by jlis: 02 August 2018 - 02:45 AM



Replies To: How do I authenticate between mobile app and server?

#2 Skydiver

Re: How do I authenticate between mobile app and server?

Posted 02 August 2018 - 08:33 AM

Something is wrong with your security model if one company can mess with the data of another company within your single platform. Are you letting each company have direct access to your database? You shouldn't. They should always go through a web service, and that web service should be doing authentication and authorization checks.

#3 astonecipher

Re: How do I authenticate between mobile app and server?

Posted 02 August 2018 - 08:39 AM

I'm curious how a "fake order" would enter the system, or how a "fake payment verification" would? Generally, Stripe sends a call back.
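Added example, not part of the thread and not Stripe's or any poster's code: a Python sketch of the two replies above, where the app never writes to the orders table and the web service marks an order paid only after checking Stripe's signed callback. It assumes Stripe's `Stripe-Signature` header format (`t=<timestamp>,v1=<HMAC-SHA256 hex>` over `<timestamp>.<raw body>`); the function names, the `orders` dict standing in for the table, the `order_id` metadata key and all sample values are hypothetical.

```python
import hashlib, hmac, json, time

TOLERANCE = 300  # seconds; assumed replay window


def expected_sig(secret: str, timestamp: str, payload: bytes) -> str:
    # Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256 keyed by the endpoint secret.
    return hmac.new(secret.encode(), timestamp.encode() + b"." + payload, hashlib.sha256).hexdigest()


def signature_ok(payload: bytes, header: str, secret: str, now=None) -> bool:
    fields = [f.strip().split("=", 1) for f in header.split(",") if "=" in f]
    ts = next((v for k, v in fields if k == "t"), "")
    sigs = [v for k, v in fields if k == "v1"]
    if not (ts.isascii() and ts.isdigit()):
        return False
    if abs((time.time() if now is None else now) - int(ts)) > TOLERANCE:
        return False  # stale or replayed callback
    want = expected_sig(secret, ts, payload).encode()
    return any(hmac.compare_digest(want, s.encode()) for s in sigs)


def handle_callback(payload: bytes, header: str, secret: str, orders: dict, now=None) -> str:
    if not signature_ok(payload, header, secret, now):
        return "rejected: signature"
    event = json.loads(payload)
    if event.get("type") != "charge.succeeded":
        return "ignored"
    charge = event["data"]["object"]
    order = orders.get(charge.get("metadata", {}).get("order_id"))  # hypothetical metadata key
    if order is None or order["status"] != "pending":
        return "rejected: order"  # unknown order, or one that was already paid
    if (charge["amount"], charge["currency"]) != (order["amount_due"], order["currency"]):
        return "rejected: amount"  # price comes from the server's menu, not the app
    order["status"], order["charge_id"] = "paid", charge["id"]
    return "paid"


# Constructed sample data (not real Stripe output).
SECRET = "whsec_constructed_example"
BODY = json.dumps({"type": "charge.succeeded", "data": {"object": {
    "id": "ch_constructed", "amount": 1850, "currency": "gbp",
    "metadata": {"order_id": "order-1"}}}}).encode()
NOW = 1533200000


def new_orders():
    # Pending order created by the web service, priced from the server-side menu.
    return {"order-1": {"status": "pending", "amount_due": 1850, "currency": "gbp"}}
```

The signature must be computed over the raw request body as received, before any JSON parsing or re-serialisation, or the HMAC will not match.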

#4 jlis

Re: How do I authenticate between mobile app and server?

Posted 02 August 2018 - 09:47 AM

Thanks for the replies.

I completely misunderstood how Stripe worked. After reading most of their documentation (around creating charges), it now makes sense to me.

I apologise for posting this. I read up on the iOS integration before reading about charges... the 2 go hand in hand and it was an error on my part.

Thanks again,
jlis