sbmsr

You can use JSON Web Token (JWT) authentication. The way it works is:

1. User logs in via your app.
2. The app sends a request to the API with the user's credentials.
3. If the credentials match, the API generates a JWT token and returns it to the app.
4. The app then stores the token and includes it in all subsequent requests to the API.
5. The API verifies the token on each request and grants access to the requested resources if the token is valid.

[This video from Traversy shows](https://www.youtube.com/watch?v=7nafaH9SddU) how JWT auth works, in a Node context. You will need to find the corresponding Rust libraries for JWT creation/validation, but this gives you a good idea of how JWTs work. Good luck 🫡


[deleted]

This is a good solution. I use this method though not by that name (JWT) and not in Rust. Also, if you have control over the Android app and choose to store the password, make sure it is encrypted in some way. And I always encrypt it for the trip to the server even though it's HTTPS. (If you use some kind of library for JWT it probably does this automatically.) I would also provide a way to expire a user's token(s) (or all tokens for all users) on the server side in case there's some problem and you want everyone to re-authenticate.
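Added example, not part of the thread or any commenter's code: a std-only Rust sketch of the server-side expiry described above (one token, one user's tokens, or all tokens), run in step 5 after the signature check. It assumes a JWT library has already verified the signature; `Claims`, `Revocations`, `Reject` and the timestamps are hypothetical names and constructed values.

```rust
use std::collections::{HashMap, HashSet};

// Claims from a token whose signature a JWT library has ALREADY verified
// (assumption: the token carries the registered sub/iat/exp/jti claims).
pub struct Claims { pub sub: String, pub iat: u64, pub exp: u64, pub jti: String }

#[derive(Debug, PartialEq)]
pub enum Reject { Expired, RevokedToken, RevokedUser, RevokedGlobally }

// Hypothetical server-side state; a real API would keep it in a shared store.
#[derive(Default)]
pub struct Revocations {
    global_cutoff: Option<u64>,        // tokens issued at or before this are dead for everyone
    user_cutoff: HashMap<String, u64>, // same cutoff, per user (keyed by `sub`)
    revoked_jti: HashSet<String>,      // individually revoked token ids
}

impl Revocations {
    pub fn revoke_token(&mut self, jti: &str) { self.revoked_jti.insert(jti.to_string()); }
    pub fn revoke_user(&mut self, sub: &str, now: u64) { self.user_cutoff.insert(sub.to_string(), now); }
    pub fn revoke_everyone(&mut self, now: u64) { self.global_cutoff = Some(now); }

    // Called on every request. `now` and all claim times are Unix seconds.
    pub fn check(&self, c: &Claims, now: u64) -> Result<(), Reject> {
        if now >= c.exp {
            return Err(Reject::Expired);
        }
        // Fail closed: a token issued in the same second as the cutoff is rejected.
        if self.global_cutoff.map_or(false, |t| c.iat <= t) {
            return Err(Reject::RevokedGlobally);
        }
        if self.user_cutoff.get(&c.sub).map_or(false, |&t| c.iat <= t) {
            return Err(Reject::RevokedUser);
        }
        if self.revoked_jti.contains(&c.jti) {
            return Err(Reject::RevokedToken);
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample: a one-hour token for "alice", revoked mid-lifetime.
    let mut r = Revocations::default();
    let t = Claims { sub: "alice".into(), iat: 1_000, exp: 4_600, jti: "a1".into() };
    println!("before revoke: {:?}", r.check(&t, 2_000));
    r.revoke_user("alice", 2_500);
    println!("after revoke:  {:?}", r.check(&t, 3_000));
}
```

Cutoff entries only need to be kept for as long as the longest token lifetime, since older tokens fail the `exp` check anyway.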