Authentication Security Architecture

Hi all,

I'm now building an API for mobile devices, and for the authentication I'm using OAuth2, and for this part it's going fine.

However, my problem is that there is one requirement: a user must have the ability to register an account. So, now I'm thinking about how I should protect my registration route from spam, e.g. some people might post to the registration endpoint numerous times, as the registration route would be outside the OAuth filter.

One thing that I can come up with right now is to make the iOS app send the OAuth client id and secret key along with the other data, and if the client id and secret key do not match, then the API throws an error and rejects the registration. So, I can make sure that the API would receive only the right data.

Is this a good way to protect my registration route, or is there another way to do this?

Please suggest, Cheers

Last updated 2 years ago.
0


prapats prapats Joined 7 Nov 2014
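
The check proposed in the post, written out as an added example in plain PHP (not the poster's code and not Laravel's own API), combined with a per-IP attempt limit, since a secret shipped inside a mobile app can be extracted from the binary and does not by itself stop repeated posts. The client id, secret, limits, IP address and in-memory stores are constructed assumptions.

```php
<?php
// Added example, not from the original post. The client id, secret, limits
// and in-memory stores are constructed for illustration.

// OAuth clients allowed to call the registration route: id => secret hash.
$clients = ['ios-app' => password_hash('constructed-demo-secret', PASSWORD_DEFAULT)];
// Dummy hash so an unknown client id costs the same work as a known one.
$dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);

function clientIsValid(array $clients, string $dummyHash, string $id, string $secret): bool
{
    $known = array_key_exists($id, $clients);
    // password_verify() is documented as safe against timing attacks.
    $matches = password_verify($secret, $known ? $clients[$id] : $dummyHash);
    return $known && $matches;
}

// Sliding-window limit on registration attempts per source IP.
function allowAttempt(array &$attempts, string $ip, int $now, int $limit = 3, int $window = 3600): bool
{
    $recent = array_values(array_filter($attempts[$ip] ?? [], fn ($t) => $t > $now - $window));
    $allowed = count($recent) < $limit;
    if ($allowed) {
        $recent[] = $now;
    }
    $attempts[$ip] = $recent;
    return $allowed;
}

// Returns [HTTP status, message]; user creation itself is out of scope here.
function handleRegistration(array $req, string $ip, int $now, array $clients, string $dummyHash, array &$attempts): array
{
    if (!allowAttempt($attempts, $ip, $now)) {
        return [429, 'too many registration attempts'];
    }
    if (!clientIsValid($clients, $dummyHash, $req['client_id'] ?? '', $req['client_secret'] ?? '')) {
        return [401, 'invalid client credentials'];
    }
    return [201, 'account created'];
}

// Constructed requests: one bad secret, then repeated valid posts from one IP.
$attempts = [];
$good = ['client_id' => 'ios-app', 'client_secret' => 'constructed-demo-secret'];
$bad = ['client_id' => 'ios-app', 'client_secret' => 'wrong'];
foreach ([$bad, $good, $good, $good] as $i => $req) {
    [$status, $msg] = handleRegistration($req, '203.0.113.7', 1000 + $i, $clients, $dummyHash, $attempts);
    echo "$status $msg\n";
}
```

In a real deployment the attempt counters would live in a shared store such as a cache or database rather than a PHP array, so the limit holds across requests and servers.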
