服务器和放大器;客户端code变化是
  选项​​！

块引用>

首先，你不能prevent它完全地（不采取法律行动:)。使用SSL / TLS，将与嗅探posibility帮助。

如果该应用程序从服务器直接下载（而不是通过一个应用程序商店/第三方）可以保护多一点。当用户下载应用，确保用户通过身份验证，生成一个密钥，包括在应用程序，并与该用户的所有进一步的沟通中使用它。黑客/贼可以模仿，但他们需要通过他们的服务器来模拟你的应用的登录和下载 - 你可以找到和阻止

I have a simple web-API accessible over HTTP with some corresponding mobile apps reading that data. Now someone decompiled an app / sniffed the HTTP traffic, got the url to my web API and built his own client acting like one of mine.

How can I secure the access to my API only for my own clients? Even with the thought of someone decompiling my app.

Server & client-side code change is an option!

Server & client-side code change is an option!

First, you can't prevent it completely (without legal action :). Use SSL/TLS, that will help with the sniffing posibility.

If the app is downloaded directly from your server (not through an app store/third party) you can secure it a bit more. When a user downloads the application make sure the user is authenticated, generate a key, include it in the application and use it in all further communication with that user. The hacker/thief can mimic that, but they'll need to go through their server to simulate a login and download of your application -- you can find and block that.