Thanks.But they can sniff it:/
Hello,
No matter how much you try to hide the URL anyone can find it out easily by activating a proxy on the device and it will capture all the outgoing packets or on a rooted device (HTTPToolkit)
The right approach is to encrypt the parameters that you are sending using AES CBC and decrypting the parameters on the server using using AES CBC and a Master Key.
So even if they found out the URL they can't do anything with it because it's secure.
The 3 keys you will need to generate are :
1- Private key
2- Public key
3- Master Key (Generated/Used on the Server side only)
Once you filter the requests you will be able to see if it's a legit request from the app or a hacker trying to hack/penetrate/crack the data on your server.