Design Decisions
[23-04-2020]
Meeting Topic: API Authentication.
We discussed authentication because the Kubus app was decompiled and some of our API keys were found. This did not feel right to us, so we initiated a meeting to discuss the topic further.
Summary:
We had a long meeting about authentication, and about how it is impossible to do this properly without sharing some sort of key / token / secret with the mobile applications.
We decided to:
- Use bearer tokens instead of Basic Authentication
- Create a new api_tokens table, in which we will store api_tokens for a given organisation
- The api_tokens originating from the api_tokens table will be shared and hard coded into the mobile applications
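A sketch of the server-side check these decisions imply, as an added example that is not the project's own code. The SQLite store, the column names and the function names are assumptions, as is storing only a SHA-256 digest with a revoked flag, which lets a token recovered from a decompiled app be revoked for one organisation without affecting the others.

```python
import hashlib
import secrets
import sqlite3

# Assumed schema: the notes only name the api_tokens table; the columns are hypothetical.
SCHEMA = """
CREATE TABLE api_tokens (
    token_sha256 TEXT PRIMARY KEY,          -- digest only, never the raw token
    organisation TEXT NOT NULL,
    revoked      INTEGER NOT NULL DEFAULT 0
)
"""

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def issue_token(conn: sqlite3.Connection, organisation: str) -> str:
    """Create a random token for an organisation; the raw value is returned once."""
    token = secrets.token_urlsafe(32)
    conn.execute(
        "INSERT INTO api_tokens (token_sha256, organisation) VALUES (?, ?)",
        (_digest(token), organisation),
    )
    return token

def revoke_token(conn: sqlite3.Connection, token: str) -> None:
    conn.execute(
        "UPDATE api_tokens SET revoked = 1 WHERE token_sha256 = ?", (_digest(token),)
    )

def authenticate(conn: sqlite3.Connection, authorization_header):
    """Return the organisation for a valid 'Bearer <token>' header value, else None."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None  # Basic Authentication and malformed headers are rejected
    row = conn.execute(
        "SELECT organisation FROM api_tokens WHERE token_sha256 = ? AND revoked = 0",
        (_digest(token),),
    ).fetchone()
    return row[0] if row else None
```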
Attendees:
- Charif
- Daniël
- Dax
- Jeroen
- René