Hello all, I realize this is a huge and ambiguous question, so apologies in advance for that. I've been reading so many articles about android client apps using an API, how to set up the user licensing, server security.... my head is spinning 
So I would greatly appreciate advice on best practices and to ask what others are doing. I can do the learning, just need an direction.
The App: A very simple B4a client app. It's only job is to handle login, licensing, sending encrypted user (text) request to an API, decrypting and displaying the response.
Server Side: All the proprietary code will be on server, I'd like to do a VERY secure API or web service of some sort. It would be a python API/service running server side.
Security: License the app to authorized users, only authorized registered devices. In addition, if the monthly license is not paid, the app stops working.
Market: Very small user base, high value app. Users will be willing to put up with security annoyance to use the app/api.
Data: Store very little, if any data, especially code on the client. Maybe collect some user data, but not to sell to marketers, very private, very secure.
Ads: None, I don't want to display ads.
My brain is spinning with all the keywords lol... Oauth2, public/private key license, security certificates, subscription payments, merchant accounts, firebase ...
a LOT of different technologies are involved here. It's especially important in my case as the user base is low and the app value is high.
The best advice might be "hire a professional" I'd be open to that too if anyone has resources a recommendation or is interested in working with me on this. I'd prefer to do it myself but, I do want to learn each aspect of it and would be willing to "pay" a professional for the work and education.
Like most of you who have paid apps, I'm just trying to protect my work. The only REAL way to do that seems to be put the "secret sauce" code on a web server and use a basic client app to send requests and display responses. I very much appreciate any advice, links to good articles and resources on how to proceed.
Thanks much!
So I would greatly appreciate advice on best practices and to ask what others are doing. I can do the learning, just need an direction.The App: A very simple B4a client app. It's only job is to handle login, licensing, sending encrypted user (text) request to an API, decrypting and displaying the response.
Server Side: All the proprietary code will be on server, I'd like to do a VERY secure API or web service of some sort. It would be a python API/service running server side.
Security: License the app to authorized users, only authorized registered devices. In addition, if the monthly license is not paid, the app stops working.
Market: Very small user base, high value app. Users will be willing to put up with security annoyance to use the app/api.
Data: Store very little, if any data, especially code on the client. Maybe collect some user data, but not to sell to marketers, very private, very secure.
Ads: None, I don't want to display ads.
My brain is spinning with all the keywords lol... Oauth2, public/private key license, security certificates, subscription payments, merchant accounts, firebase ...
a LOT of different technologies are involved here. It's especially important in my case as the user base is low and the app value is high.The best advice might be "hire a professional" I'd be open to that too if anyone has resources a recommendation or is interested in working with me on this. I'd prefer to do it myself but, I do want to learn each aspect of it and would be willing to "pay" a professional for the work and education.
Like most of you who have paid apps, I'm just trying to protect my work. The only REAL way to do that seems to be put the "secret sauce" code on a web server and use a basic client app to send requests and display responses. I very much appreciate any advice, links to good articles and resources on how to proceed.
Thanks much!
Last edited:
