Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Web APi key security c...
Microsoft Dynamics CRM (Archived)

Web APi key security concern

(0) ShareShare
ReportReport
Posted on by Subhash_Mahato 147
Hi everyone Currently we have developed an Android/iOS app using access token by hosting an app in azure. The android developer has raised a concern that as we using access token to get data from CRM and there is chance that this app can be easily decode by decompiler in that case whole app will give access to our whole crm. Can any body suggest or address our concern that this is encrypted in android app or iOS. This will help us to release this app. Thanks and regards Subhash Mahato

*This post is locked for comments

  • Subhash_Mahato Profile Picture
    Subhash_Mahato 147 on at
    RE: Web APi key security concern

    Thanks for your reply

  • Suggested answer
    Shaminderpal Singh Profile Picture
    Shaminderpal Singh 1,565 on at
    RE: Web APi key security concern

    Hi,

    You should implement implicit flow of OAuth2.0 in your app to make the tokens short lived and don't cache them. As your app is an android app implement azure ad application as native client only.  Your app would be secure as your token is getting generated on run time and is valid for short period of time.

    -Shaminder 

  • Suggested answer
    a33ik Profile Picture
    a33ik 84,323 Most Valuable Professional on at
    RE: Web APi key security concern

    Again. It's the problem of key encoding and you're doing it inside your application. Proper forums for your questions - Android/iOS related. Not the problem of Dynamics CRM/365/WebApi.

  • Subhash_Mahato Profile Picture
    Subhash_Mahato 147 on at
    RE: Web APi key security concern

    Thanks for your reply

    This is regarding the dynamics crm Web API. We have exposed it via azure app as describe in SDK. And using it in the Android app.

    Our main concern is we have encoded the app token in http request to generate the access key.

    Everything is working fine but developer is saying that anybody can access to our dynamics crm once they have access key and token and that can be easily accessible by decoding th app. How to tell them that this secure as this is provided by Microsoft

    Thanks & regards

    Subhash Mahato

  • a33ik Profile Picture
    a33ik 84,323 Most Valuable Professional on at
    RE: Web APi key security concern

    Hello,

    This forum is dedicated to Dynamics CRM/365 and not to Android/iOS development. Ask your question using proper forum please.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans