Authorization between PHP and Mobile App

Hi

I am stuck in a scenario and need someone to help me out.

I have a REST web service written in PHP. Its an open-ended web service with no concept of login etc. Now there is a mobile app (available on both android and an IOS devces) to do certain things when interacting with this web service. To make it more clear, the mobile app can make a POST request to the web service and add data on the server.

Now, I need a way so that I can authorize that the request is coming from that app only and not from anywhere else.

Kindly suggest me a way to do it.

PS: I cannot have a login mechanism as per client’s requirement. Also IP filtering wont work in this case because the app can be downloaded by any number of users from anywhere in the world.

Thanks in advance.

PS: I do have access to modify both the server and the client app i.e. the mobile app but my client (my boss) does not want any feature of registration/signups/logins etc

Perhaps use an <input type=“hidden” name=“appname” id=“appname”> field for the site to validate by. If the hidden content is missing, then it’s not coming from the app. However, this can be easily discovered by hackers.