Microsoft Dynamics CRM (Archived)

Web API key security concern

Posted on by 147
Hi everyone,

Currently we have developed an Android/iOS app using an access token by hosting an app in Azure. The Android developer has raised a concern that, as we are using an access token to get data from CRM, there is a chance that this app can be easily decoded by a decompiler, in which case the app will give access to our whole CRM. Can anybody suggest or address our concern that this is encrypted in the Android or iOS app? This will help us to release this app.

Thanks and regards,
Subhash Mahato

  • a33ik Profile Picture
    84,331 Most Valuable Professional on at

    Hello,

    This forum is dedicated to Dynamics CRM/365 and not to Android/iOS development. Please ask your question using the proper forum.

  • Subhash_Mahato Profile Picture
    147 on at

    Thanks for your reply

    This is regarding the Dynamics CRM Web API. We have exposed it via an Azure app as described in the SDK, and we are using it in the Android app.

    Our main concern is that we have encoded the app token in the HTTP request to generate the access key.

    Everything is working fine, but the developer is saying that anybody can access our Dynamics CRM once they have the access key and token, and that these can be easily accessed by decoding the app. How can we tell them that this is secure, as this is provided by Microsoft?

    Thanks & regards

    Subhash Mahato

  • Suggested answer
    a33ik Profile Picture
    84,331 Most Valuable Professional on at

    Again. It's the problem of key encoding and you're doing it inside your application. Proper forums for your questions - Android/iOS related. Not the problem of Dynamics CRM/365/WebApi.

  • Suggested answer
    Shaminderpal Singh Profile Picture
    1,565 on at

    Hi,

    You should implement the implicit flow of OAuth 2.0 in your app to make the tokens short-lived, and don't cache them. As your app is an Android app, implement the Azure AD application as a native client only. Your app would be secure, as your token is generated at run time and is valid for a short period of time.

    -Shaminder 
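
A pre-release check for the concern raised in this thread, as an added example that is not part of the original posts or of any Microsoft SDK: it scans unpacked app sources for JWT-shaped tokens and hard-coded `client_secret` or `password` values, and reports the lifetime of any embedded token from its standard `iat` and `exp` claims. The file names, sample contents and regular expressions are constructed assumptions.

```python
import base64
import json
import re

# JWT shape: three base64url segments; '{"' always encodes to the prefix "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*")
# Hard-coded credential assignments (assumed naming; extend for your code base).
SECRET_RE = re.compile(r"(?i)\b(client_secret|password)\b\s*[=:]\s*[\"']([^\"']{6,})[\"']")

def _claims(jwt):
    """Decode the (unverified) payload segment of a JWT, or return None."""
    seg = jwt.split(".")[1]
    try:
        data = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return data if isinstance(data, dict) else None

def scan_text(name, text):
    """Return one finding per embedded token or hard-coded secret in text."""
    findings = []
    for m in JWT_RE.finditer(text):
        claims = _claims(m.group(0))
        if claims is None:
            continue
        life = claims["exp"] - claims["iat"] if {"exp", "iat"} <= claims.keys() else None
        findings.append({"file": name, "kind": "embedded_jwt", "lifetime_s": life})
    for m in SECRET_RE.finditer(text):
        findings.append({"file": name, "kind": "hardcoded_" + m.group(1).lower(),
                         "lifetime_s": None})
    return findings

def scan_sources(sources):
    return [f for name, text in sources.items() for f in scan_text(name, text)]

def _sample_jwt(iat, exp):
    """Build an unsigned, constructed JWT so the sample needs no real token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"iat": iat, "exp": exp}), "sig"])

# Constructed sample input: one file embeds a one-year token and a secret, one is clean.
SAMPLE_SOURCES = {
    "CrmClient.java": 'String token = "%s";\nString client_secret = "constructed-secret-value";'
                      % _sample_jwt(1700000000, 1700000000 + 365 * 24 * 3600),
    "AuthHelper.java": "// token is requested from Azure AD at run time, nothing embedded\n",
}

if __name__ == "__main__":
    for finding in scan_sources(SAMPLE_SOURCES):
        print(finding)
```

Any finding means the value ships inside the app package and is readable after decompilation; a token requested at run time produces no finding.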

  • Subhash_Mahato Profile Picture
    147 on at

    Thanks for your reply
