I want to create a backend for my android app with Tapestry5 and this http://code.google.com/p/t5-restful-webservices/ plugin. The app will communicate with the server by calling REST methods both for registered users (that would be easy to secure I guess) as well as unregistered users. Now of course I don't want people to just call that webservice from a browser. How can I make sure that only my app can make calls to this backend?