Hi
I am stuck in a scenario and need someone to help me out.
I have a REST web service written in PHP. Its an open-ended web service with no concept of login etc. Now there is a mobile app (available on both android and an IOS devces) to do certain things when interacting with this web service. To make it more clear, the mobile app can make a POST request to the web service and add data on the server.
Now, I need a way so that I can authorize that the request is coming from that app only and not from anywhere else.
Kindly suggest me a way to do it.
PS: I cannot have a login mechanism as per client’s requirement. Also IP filtering wont work in this case because the app can be downloaded by any number of users from anywhere in the world.
Thanks in advance.