Topic: Securing an API

I'm making an API that works this way:

I have a database and grab and create info from it. I have different clients using a mobile app, and I want them to be able to display and create information depending on which client it is, so I've made an "app" table in my database with app_name and app_key. The client sends the app_name with the params encrypted using his app_key; I search for the app_key on my server and use it to decrypt the request params. But I think this is not secure at all: for example, if someone has the app_key, they can get into a browser and perform requests using the app_name. So I'm looking for a way to have secure, fast requests and responses from my app, but I can't figure out what to use: certificates, public keys, symmetric like what I'm using now, or a combination.

Last edited by jtomasrl (2012-08-26 19:29:00)
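The per-app key lookup described in the post, as an added example that is not part of the original post. It swaps the encryption step for an HMAC-SHA256 tag (Python's standard library has no cipher), and the table contents, key values and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the "app" table: app_name -> app_key.
APP_TABLE = {
    "client_a": b"key-a-constructed",
    "client_b": b"key-b-constructed",
}


def sign_request(app_name, app_key, params):
    """Client side: serialize params and tag them with HMAC-SHA256 under app_key."""
    body = json.dumps(params, sort_keys=True, separators=(",", ":"))
    msg = (app_name + "\n" + body).encode()
    tag = hmac.new(app_key, msg, hashlib.sha256).hexdigest()
    return {"app_name": app_name, "body": body, "tag": tag}


def verify_request(request):
    """Server side: look up app_key by app_name; return the params or None."""
    app_name = request.get("app_name")
    app_key = APP_TABLE.get(app_name)
    if app_key is None:
        return None  # unknown app_name
    body = request.get("body", "")
    msg = (app_name + "\n" + body).encode()
    expected = hmac.new(app_key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak tag bytes via timing.
    if not hmac.compare_digest(expected, request.get("tag", "")):
        return None  # wrong key, or body/app_name altered in transit
    return json.loads(body)


if __name__ == "__main__":
    req = sign_request("client_a", APP_TABLE["client_a"], {"action": "create"})
    print("genuine request:", verify_request(req))
    print("altered body:", verify_request(dict(req, body='{"action":"delete"}')))
    # The concern raised in the post: the server only proves possession of
    # app_key, so any program holding the key is accepted, not just the app.
    outside = sign_request("client_a", b"key-a-constructed", {"action": "list"})
    print("same key, outside the app:", verify_request(outside))
```
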