So I have a question. Is it possible to configure network_security_config.xml in a manner that a single specific endpoint in the domain can be accessed without pinning while every single other endpoint in the domain is enforced pinning.
Example: example.com/access_without_pin and example.com/* (every other single endpoint)
I want the application to be able to access example.com/access_without_pin even without pinning where as the other endpoints (example.com/getUser etc.) are enforced to be pinned.
It's not possible with network security config. Pinning is based on host when establishing TLS connection, the endpoint only matters much later when the connection has been established and pinning requirements are met.
Without network_security_config is doable. For example, assuming a typical okhttp+retrofit stack, you could set up one instance of the stack with pinning and another without pinning, and then use the appropriate stack when communicating with your endpoints.