Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We have built numerous web services and hosted them on our internal servers and these will be used by our iPhone application. End users of the iPhone app need not sign into the application, they can just use the app without any credentials.
Whenever web services receive a request; I want to authorize that these requests are coming from iPhone app. How can i do this?
Thanks!
How safe do you want it to be ?
The dead simple and widely used technique is to require all webservice request include an ApiKey header. The server must then validate the ApiKey against a known list of allowed ApiKeys. If communication is done over SSL this is fairly safe (would require disassembly of the client code to find the key), on the other hand if communication is plain http, the ApiKey can be easily sniffed.