API Extra Security Layer for Mobile Use with Package Restriction using Laravel
--
Since I developed both the backend and the mobile application, I needed something to protect my API. So I came up with the idea of restricting public access based on app package information. I have been using this for a while now.
Yes, I know, it is not secure enough; no system is safe, by the way. The purpose of a security layer is to block attackers and slow down their movement.
So, let's get started.
Create a simple table called app_versions
php artisan make:model AppVersion -m
Then write a simple migration file. You are welcome to add any extra columns.
Schema::create('app_versions', function (Blueprint $table) {
    $table->id();
    $table->string('os_type');
    $table->string('app_package_name');
    $table->string('app_version');
    $table->string('update_type'); // 1 - Minor, 2 - Major (matches AppVersion::isMinor() / isMajor())
    $table->text('app_link')->nullable();
    $table->timestamps();
});
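Set up the AppVersion model:
use Illuminate\Database\Eloquent\Model;

class AppVersion extends Model
{
    // Columns that may be mass-assigned.
    protected $fillable = [
        'app_version',
        'app_package_name',
        'update_type',
        'os_type',
    ];
    ...
    // update_type 2 marks a major update.
    public function isMajor()
    {
        return $this->update_type == 2;
    }

    // update_type 1 marks a minor update.
    public function isMinor()
    {
        return $this->update_type == 1;
    }
}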
If you would like to have your own control, just add this module to your CMS, as I do in the example just below.
Then create a middleware to validate the HTTP request headers. We are going to put the mobile app information in the HTTP headers.
Let's say I call it ApplicationPackageMiddleware.php
class ApplicationPackageMiddleware {}
Define two constants for the HTTP headers:
- Package name or Bundle ID
- Current App Version
const PACKAGE_NAME = 'X-Package-Name';
const PACKAGE_VERSION = 'X-Package-Version';
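One way the middleware's check could be completed, as an added example rather than the author's code: it rejects requests whose headers are missing or name an unregistered package, and tells clients older than a major release to update. The `App\Models` namespace, the 403 and 426 status codes, the version-string pattern and the major-release rule are assumptions; both headers are supplied by the client, so this filters requests rather than authenticating them.

```php
<?php

namespace App\Http\Middleware;

use App\Models\AppVersion; // assumed namespace (Laravel 8+ default for make:model)
use Closure;
use Illuminate\Http\Request;

// Added example: one possible handle() for the middleware described above.
class ApplicationPackageMiddleware
{
    const PACKAGE_NAME = 'X-Package-Name';
    const PACKAGE_VERSION = 'X-Package-Version';

    public function handle(Request $request, Closure $next)
    {
        $package = $request->header(self::PACKAGE_NAME);
        $version = $request->header(self::PACKAGE_VERSION);

        // Fail closed: missing or malformed headers never reach the controller.
        if (!is_string($package) || !is_string($version)
            || !preg_match('/\A\d+(\.\d+){0,3}\z/', $version)) {
            return response()->json(['message' => 'Forbidden'], 403);
        }

        // Releases registered for this package; an unknown package has none.
        $releases = AppVersion::where('app_package_name', $package)->get();
        if ($releases->isEmpty()) {
            return response()->json(['message' => 'Forbidden'], 403);
        }

        // Assumption: a client older than any major release must update first.
        // version_compare() compares numerically, so 1.10.0 is newer than 1.9.0.
        $blocking = $releases->first(function (AppVersion $release) use ($version) {
            return $release->isMajor()
                && version_compare($version, $release->app_version, '<');
        });
        if ($blocking !== null) {
            return response()->json([
                'message' => 'Update required',
                'app_link' => $blocking->app_link,
            ], 426);
        }

        return $next($request);
    }
}
```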