API Authentication via Generated URLs only
First of all, I know this is terrible practice. I am prefacing this by saying its to work around the client. The client is only capable of loading strings from generated URLs. I am unable to change the client outside of how URLs are generated.
I am attempting to have some way of encrypting or obfuscating a URL such that a client will be able to communicate with my API, but cannot be easily generated by a bad actor. My application is a gamescoring/gamekeeping API and I would not like users to be able to just be able to create URLs themselves that declares them as a winner. I am okay with a user seeing the URL after the game has been reported as I can just fail the request after first completion.
Ideally I would just do Symmetrical/Asym string encryption, but the client's SDK has hidden those tools.
I was wondering if anyone knew of a relatively easy way to go about this or am I stuck just writing an existing encryption algorithm myself.
I am attempting to have some way of encrypting or obfuscating a URL such that a client will be able to communicate with my API, but cannot be easily generated by a bad actor. My application is a gamescoring/gamekeeping API and I would not like users to be able to just be able to create URLs themselves that declares them as a winner. I am okay with a user seeing the URL after the game has been reported as I can just fail the request after first completion.
Ideally I would just do Symmetrical/Asym string encryption, but the client's SDK has hidden those tools.
I was wondering if anyone knew of a relatively easy way to go about this or am I stuck just writing an existing encryption algorithm myself.
