Best practice to detect iPhone app only access for web services?

Posted by Gaius Parx on Stack Overflow See other posts from Stack Overflow or by Gaius Parx
Published on 2009-07-13T09:31:59Z Indexed on 2010/04/26 15:53 UTC
Read the original article Hit count: 187

I am developing an iPhone app together with web services. The iPhone app will use GET or POST to retrieve data from the web services such as http://www.myserver.com/api/top10songs.json to get data for top ten songs for example.

There is no user account and password for the iPhone app. What is the best practice to ensure that only my iPhone app have access to the web API http://www.myserver.com/api/top10songs.json? iPhone SDK's UIDevice uniqueueIdentifier is not sufficient as anyone can fake the device id as parameter making the API call using wget, curl or web browsers.

The web services API will not be published. The data of the web services is not secret and private, I just want to prevent abuse as there are also API to write some data to the server such as usage log.

© Stack Overflow or respective owner

Related posts about iphone

Related posts about best-practices