I want to securely access the REST API(.net) through a mobile application(react-native) which has no login but a user is created on the background with a unique ID when the app is opened for the first time.
client app - which can be identified with some UID.
backend service - which the client app needs to call to retrieve some listings.
What would be the best practice to secure this backend service? I don't want to protect by login/password (because the client should not be required to "login" to retrieve the listings), however, I'd not want anybody easily to call this backend API and retrieve those listings for their own purposes.
Specification: the app has no login. so how I can obtain token for first-time use and can make the API secure.
REST API: secure rest API with username & password.
Mobile App: send username and password with every rest API call.
Drawback: On reverse engineering username and password is obtained which is stored in the mobile application. The code was obfuscated and password was stored at places but hackers were successful to obtain password after doing certain efforts.
How can I send a secure call to REST-API since the app does not have a login and cannot send credentials over HTTP to obtain token?