API Extra Security Layer for Mobile Use with Package Restriction using Laravel

Hafiq Iqmal
Jan 26, 2021

Since I develop both the backend and the mobile application, I needed a way to protect my API. So I came up with the idea of restricting public access based on the app's package information. I have been using this for a while now.

Yes, I know, it is not secure enough; no system is safe, by the way. The purpose of a security layer is to block attackers and slow down their movement.

So, let's get started.

Create a simple table called app_versions

php artisan make:model AppVersion -m

Then, write a simple migration file. Feel free to add any extra columns.

Schema::create('app_versions', function (Blueprint $table) {
    $table->id();
    $table->string('os_type');
    $table->string('app_package_name');
    $table->string('app_version');
    $table->string('update_type'); // 1 - Major 2 - Minor
    $table->text('app_link')->nullable();
    $table->timestamps();
});

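Set up the AppVersion model

use Illuminate\Database\Eloquent\Model;

class AppVersion extends Model
{
    // Columns that may be mass-assigned.
    protected $fillable = [
        'app_version',
        'app_package_name',
        'update_type',
        'os_type',
    ];

    ...
    // update_type follows the migration comment: 1 - Major, 2 - Minor.
    public function isMajor()
    {
        return $this->update_type == 1;
    }

    public function isMinor()
    {
        return $this->update_type == 2;
    }
}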

If you would like to control this yourself, just add this module to your CMS, as I did.

Then, create a middleware to validate the HTTP request headers. We are going to put the mobile app information in the HTTP headers.

Let's say I call it ApplicationPackageMiddleware.php

class ApplicationPackageMiddleware {}

Define 2 constants for the HTTP headers:

  1. Package name or Bundle ID
  2. Current App Version

const PACKAGE_NAME    = 'X-Package-Name';
const PACKAGE_VERSION = 'X-Package-Version';
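
One way the check on these two headers could work, as an added example that is not the author's middleware. The function name `checkPackageHeaders`, the sample row, the status codes and the "block only on a Major update" policy are assumptions; in Laravel the header values would come from `$request->header(...)` and the rows from the `AppVersion` model.

```php
<?php
// Added example (not the author's middleware); plain PHP so it runs without Laravel.
const PACKAGE_NAME    = 'X-Package-Name';
const PACKAGE_VERSION = 'X-Package-Version';

// Constructed row shaped like app_versions (update_type: 1 = Major, 2 = Minor).
$appVersions = [[
    'os_type' => 'android', 'app_package_name' => 'com.example.app',
    'app_version' => '2.1.0', 'update_type' => '1',
    'app_link' => 'https://example.com/app',
]];

// Returns [HTTP status, message]. Both headers are client-supplied input,
// so their format is checked before they are compared with stored rows.
function checkPackageHeaders(array $headers, array $appVersions): array
{
    $package = $headers[PACKAGE_NAME] ?? '';
    $version = $headers[PACKAGE_VERSION] ?? '';
    if (!preg_match('/^[A-Za-z][\w-]*(\.[\w-]+)+$/D', $package)
        || !preg_match('/^\d+(\.\d+){0,3}$/D', $version)) {
        return [400, 'Missing or malformed package headers'];
    }
    foreach ($appVersions as $row) {
        if ($row['app_package_name'] !== $package) {
            continue;
        }
        // Assumed policy: an outdated client is blocked only for a Major update.
        $outdated = version_compare($version, $row['app_version'], '<');
        if ($outdated && $row['update_type'] == 1) {
            return [426, 'Update required: ' . ($row['app_link'] ?? '')];
        }
        return [200, $outdated ? 'OK, optional update available' : 'OK'];
    }
    return [403, 'Unknown application package'];
}

// Constructed requests: valid, outdated, unknown package, missing version header.
$requests = [
    [PACKAGE_NAME => 'com.example.app', PACKAGE_VERSION => '2.1.0'],
    [PACKAGE_NAME => 'com.example.app', PACKAGE_VERSION => '1.9.3'],
    [PACKAGE_NAME => 'com.other.app',   PACKAGE_VERSION => '2.1.0'],
    [PACKAGE_NAME => 'com.example.app'],
];
foreach ($requests as $headers) {
    [$status, $message] = checkPackageHeaders($headers, $appVersions);
    echo $status, ' ', $message, PHP_EOL;
}
```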
