Secure Table Operation in Azure Mobile App

0
votes

In Azure mobile service we have to pass key "X-ZUMO-APPLICATION" and value as secret key in request header to perform any SQL Database table operation using WebAPI. One can not access access the table using WebAPI unless they have key.

In Azure mobile app SQL Database table operation can be performed by adding "?zumo-api-version=2.0.0" and it doesn't require any key. How can I secure the table operation using WebAPI in Azure mobile app.

Can anyone please help?

1
azureazure-mobile-services

1 Answers

1
votes

We got rid of the API key from Azure Mobile Services, because it didn't actually provide any level of security, and perceived security is worse than no security. (Anyone can get your key by decompiling your app, or sniffing network traffic, for instance.)

You should use instead use authentication to secure your endpoint.

See: