API Extra Security Layer for Mobile Use with Package Restriction using Laravel

Hafiq Iqmal
3 min readJan 26, 2021

Since i developed both backend and mobile application, there is something i need to protect my API. So, i came out an idea where i need to restrict access from public by app package information. I have been this using for awhile now.

Yes i know, it is not secure enough — no system is safe by the way. Purpose of security layer is to block and slowing down the attackers movement.

credit: www.securitymagazine.com

So, Let’s get started

Create a simple table called app_versions

php artisan make:model AppVersion -m

Then, write a simple migration file. Any extra are welcome to add.

Schema::create('app_versions', function (Blueprint $table) {
$table->string('update_type'); // 1 - Major 2 - Minor

Setup AppVersion Model

class AppVersion extends Model
protected $fillable = [

public function isMajor()
return $this->update_type == 2;

public function isMinor()
return $this->update_type == 1;

If you like to have your own control, just add this module in your CMS. For example like i do just below

Then, create a Middleware where to validate HTTP header request. We gonna put any mobile app information in HTTP header.

Let’s say i called ApplicationPackageMiddleware.php

class ApplicationPackageMiddleware {}

Define 2 constant for HTTP header.

  1. Package name or Bundle ID
  2. Current App Version
const PACKAGE_NAME    = 'X-Package-Name';
const PACKAGE_VERSION = 'X-Package-Version';
Hafiq Iqmal

Tech Lead Developer | Software Engineer | Laravel Enthusiasts | CTF Newbie | Medium writer | UiTM Alumni | Husband | Proud father of a beautiful daughter