What I would suggest, is creating an intermediary server, that the your app posts to. This server then is the one that communicates with Ionic.io. Therefore your App ID and Private Key is secure.
This still poses a threat though, so you need to check if the request was made with Ajax before handling the content and pushing it to Ionic.io (this will stop people creating a server to submit, they will have to do it using Ajax aswell. You can also reply with a fake success if its not Ajax, the hacker would then believe it was successful).
You can also log the information, and IP of the user submitting it in a database of some sort, then if your app gets hacked, you then have the IP, and information to block from submitting push notifications.
↧
How to trigger push notification from device?
↧