I am using Retrofit2 for API calls via my Android app:
Api api = new Retrofit.Builder()
.baseUrl(BASE_URL) //<-- Problem here
.addConverterFactory(GsonConverterFactory.create(gson))
.client(okHttpClient.build())
.build()
.create(Api.class);
Nowadays, many apps are being re-uploaded to the store by just changing the BASE_URL needed or with some minimal re-skinning.
I know that protecting to 100% an app from Reverse Engineering is impossible, but I just want to somehow make it harder for anyone to just change the BASE_URL and use the app with his own API.
For the BASE_URL itself, I am getting it with some native code as explained here. But still, anyone can put whatever he/she wants in baseUrl(BASE_URL) and he/she is good to go.
For now, I am thinking to import the whole Retrofit2 as a module in my project and modify there to add some level of obscurity.
But I am just wandering, isn't there any better way to do it?
Thanks.
Related
I'm currently building a Retrofit object as follows:
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.build();
I don't need to pass it a client, i.e. no need to deal with the internals.
Now I would like to set a timeout, but all the examples I found involve creating an okHttpClient and assigning it to the Retrofit object.
Does it mean that okHttp is the de-facto client used by the system in all the situations?
Does it mean that okHttp is the de-facto client used by the system in all the situations?
Yes. Retrofit uses OkHttp for its network I/O. For example, in the Retrofit documentation, they mention in the section on R8/Proguard:
You might also need rules for OkHttp and Okio which are dependencies of this library
I want to build an api for an android studio application to make the base url of the retrofit. I am having problems to make the base_url. I want to know how I should make the base_url of the retrofit. I am having problems validating the base_url. I want to know the procedure to make a base_url for retrofit.
If this is my url
http://api.themoviedb.org/3/movie/top_rated?api_key=12345678910111213
Then base url becomes
http://api.themoviedb.org/
It will be passed in as
retrofit = new Retrofit.Builder()
.baseUrl("http://api.themoviedb.org/");
and the remaining part will become get or post query
How would the scope work with Auth Tokens? I cannot create my Retrofit instance until I can add an interceptor that signs it with my auth token. Therefore, I would like to create Retrofit when the auth tokens are available (after sign-in). How do I get scope working correctly in this situation?
Thanks a lot!
There is no best way of doing this, and it might also depend on how often you change / recreate your Retrofit instances.
What's better, or which better fits your use case depends very strongly on what you are trying to accomplish and how. There's many ways how what you are trying to achieve is possible, but in general you have 2 options
Create a new client for every retrofit instance (e.g. if you just log the user in once), so you would just add the client within the same scope
Create a #Singleton instance of okhttp3 and modify the client when required by using the newBuilder()
I think the first point is self explanatory, just create your client when you create retrofit, use the same scope and be done.
The second approach uses Okhttp3 feature of the newBuilder() method, by adding your interceptor to the okhttp client when creating your retrofit instance.
It would look something like this:
// Some singleton client to maybe also use in other parts of your app
#Singleton
OkHttpClient provideClient() { return new OkHttpClient(); }
// creating your retrofit client
#UserScope
Retrofit provideRetrofit(OkHtpClient client, Interceptor userInterceptor) {
return new Retrofit.Builder()
.client(client.newBuilder() // new builder to modify okhttp3
.addNetworkInterceptor(interceptor)
.build())
/* other settings */
.build();
}
If you get creative you can also just expose a setCredentials() method on your interceptor, then you can just create them once and reuse all the objects by adding them to the #Singleton scope. You'd then change your user by accessing and modifying your interceptor, albeit this is not a clean approach in my humble opinion.
I'm using Retrofit library and I wanted to implement OAuth 2.0 on every API call in order to authenticate those calls. How can I achieve that? Can you explain me step by step? I have followed some blogs but didn't understand how to do that.
I highly recommend you to check u2020 source code. You can achieve this with a OkHttp interceptor (Retrofit 1.x or Retrofit 2.x) or a RequestInterceptor if you stay with Retrofit 1.x.
I think for the oAuth 2.0 process its better if you open directly the browser and once its done it will redirect to the redirect_url specified. You will need to register the redirect_url in your manifest as a intent-filter for the activity that will manage the response of the server.
I'm working on REST API client for Android using Retrofit.
Some of the use something like this http://my.backend.com and others use https://my.backend.com. The way I found is to create two separate interfaces and build two RestAdapters with different endpoints.
But I would like to keep my interfaces consitent and I'm wondering if it is possible for example build my Res adapter with my.backend.com and specify if the methot thould use https with #HTTPS annotation ?
Thanks.
The only thing you can change on a RestAdapter after it's been built is the log level so I'm afraid the only solution is to have two RestAdapters. Two seperate interfaces should not be necessary though, as long as the path after your endpoint (my.backend.com) is the same for both the http and the https version.
You can do the following generic method which returns retrofit and keep just one interface. "baseUrl" can be either "http" or "https" urls.
public static Retrofit getRetrofit(#NotNull String baseUrl) {
return new Retrofit.Builder()
.baseUrl(baseUrl)
.addConverterFactory(GsonConverterFactory.create())
.build();
}