How can I make sure only my iPhone app is allowed to use my App Engine application for sending and receiving data? I probably have to use a secret key, but I don’t know how. Can I just use POST/GET to send my static key over HTTPS? Or do I need to use some dynamic secret key algorithm?
Any help would be appreciated!
Bjorn
Assuming you think you can keep the secret on the iPhone app from being discovered, what you need is an HMAC. For every request you make, pass the text of the request into a function like HMAC-SHA1, with your secret key as the key, and add the result to the request you make. When the server receives the request, perform the same operation, and verify that the HMACs match.
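The sign-and-verify exchange described in the answer above, as an added example that is not part of the original answer. It assumes HMAC-SHA256 in place of HMAC-SHA1, a hypothetical canonical request format (method, path, timestamp, body hash), and an assumed 300-second freshness window so that a captured request cannot be replayed indefinitely; the key, paths and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample key; a real key would be random and never committed.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_SKEW_SECONDS = 300  # assumed freshness window (not from the original answer)


def canonical_message(method, path, body, timestamp):
    """Bind method, path, timestamp and body into one unambiguous byte string."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(key, method, path, body, timestamp):
    """Client side: compute the hex HMAC that is sent along with the request."""
    msg = canonical_message(method, path, body, timestamp)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_request(key, method, path, body, timestamp, signature, now=None):
    """Server side: recompute the HMAC and compare it in constant time."""
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request, possibly a replay
    expected = sign_request(key, method, path, body, timestamp)
    # Compare as bytes so a non-ASCII signature is rejected instead of raising.
    return hmac.compare_digest(expected.encode("ascii"),
                               signature.encode("utf-8"))


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed timestamp
    body = b'{"score": 42}'
    sig = sign_request(SECRET_KEY, "POST", "/api/score", body, ts)
    # Untouched request inside the window is accepted.
    print(verify_request(SECRET_KEY, "POST", "/api/score", body, ts, sig,
                         now=ts + 10))
    # Same signature with a modified body is rejected.
    print(verify_request(SECRET_KEY, "POST", "/api/score", b'{"score": 9999}',
                         ts, sig, now=ts + 10))
```

The signature proves knowledge of the key and integrity of the signed fields only; as the answer notes, it is only as strong as the secrecy of the key embedded in the app.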