oauth - Building an API, keeping client access token safe -


i'm building api consumed ios application. consuming applications issued access token.

the access token used make ssl requests our api, , these requests originate ios device.

using charles however, running client's application on phone can de-encrypt outgoing requests , see access token is.

what i'm having hard time wrapping head around is, how possible keep access token safe, using ssl? couldn't obtain access code, incorporate in own application, , begin sending requests access token if original client?

what missing here?


Comments

Popular posts from this blog

swift - Button on Table View Cell connected to local function -

dns - Dokku server hosts two sites with TLD's, both domains are landing on only one app -

c# - ajax - How to receive data both html and json from server? -