WebAPI simple security
Hi, I want to create an Umbraco WebAPI controller with one method which will return some simple data - text and an image. A mobile app will make the requests to my WebAPI controller. I want to apply some very simple security on my WebAPI to prevent requests from other applications if they accidentally know the URL to the API. How can I achieve this?
Hi
For simple security, you could pass an additional hashed parameter to your API call that could be used to validate each request.
You could, for example, do a simple MD5* hash of the date with a secret key and then pass both to your API.
So some pseudo code for creating a hash:
Then on your API:
This is simple and also not super secure - but hard enough for casual bypasses not to be able to do anything. The problem is your mobile app will contain your key, and so if they deconstruct that, they can manufacture how your key is made.
There are other ways to secure things with encryption keys and tokens, and you can use HMAC attribute keys on API signatures to move checks like this away from the API signature (so your API doesn't need to accept the key; it is done via an attribute), but they are probably a bit less simple.
*People will say MD5 is not secure and can be cracked and maybe you should use something else (like SHA). Again, that is all doable; it just moves away from the "simpleness" element of it all.
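The scheme described in the answer above (client hashes the date with a shared secret and sends both; the API recomputes and compares), written out as an added example that is not part of the original thread and not Umbraco code. It is in Python rather than a C# WebAPI controller so that both sides of the exchange run in one file. The secret, the date format and the five-minute acceptance window are assumptions for the illustration. It shows the MD5 variant from the answer next to the HMAC-SHA256 variant the footnote points toward, and adds the two checks a practitioner would want that the answer leaves out: a time window so a captured date/signature pair cannot be replayed indefinitely, and a constant-time comparison.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumed values for the illustration. In practice the secret is compiled into
# the mobile app and configured on the server, which is the weakness the answer notes.
SHARED_SECRET = b"replace-me-with-a-long-random-secret"
DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
MAX_CLOCK_SKEW = timedelta(minutes=5)  # how far a request's date may drift from server time
# Constructed fixed "current time" so the example is deterministic.
EXAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def md5_signature(date_str, secret):
    """The 'simple' scheme from the answer: MD5 over the date and the secret."""
    return hashlib.md5(date_str.encode("utf-8") + secret).hexdigest()


def hmac_signature(date_str, secret):
    """A keyed alternative (HMAC-SHA256) with the same call shape."""
    return hmac.new(secret, date_str.encode("utf-8"), hashlib.sha256).hexdigest()


def build_request(secret, now=None, sign=hmac_signature):
    """Client side: the two extra parameters the mobile app attaches to its API call."""
    now = now or datetime.now(timezone.utc)
    date_str = now.strftime(DATE_FORMAT)
    return {"date": date_str, "sig": sign(date_str, secret)}


def validate_request(params, secret, now=None, sign=hmac_signature):
    """Server side: recompute the signature and check the date is recent.

    Returns (ok, reason) so the API can reject with a clear status.
    """
    now = now or datetime.now(timezone.utc)
    date_str = params.get("date")
    sig = params.get("sig")
    if not isinstance(date_str, str) or not isinstance(sig, str) or not sig.isascii():
        return False, "missing or malformed date/sig"
    try:
        sent = datetime.strptime(date_str, DATE_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "bad date format"
    # Reject stale or far-future dates so a captured (date, sig) pair
    # only works for a short time instead of forever.
    if abs(now - sent) > MAX_CLOCK_SKEW:
        return False, "date outside accepted window"
    expected = sign(date_str, secret)
    # Constant-time comparison so the check does not leak the expected value byte by byte.
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    req = build_request(SHARED_SECRET, now=EXAMPLE_NOW)
    print(req)
    print(validate_request(req, SHARED_SECRET, now=EXAMPLE_NOW))
    print(validate_request(req, SHARED_SECRET, now=EXAMPLE_NOW + MAX_CLOCK_SKEW * 2))
```

Switching from `md5_signature` to `hmac_signature` changes nothing about how the API is called; the only thing the MD5 version really lacks is that MD5 of date-plus-secret is not a proper keyed MAC, so HMAC is the safer drop-in. Neither version fixes the problem the answer already names: the secret ships inside the app, so anyone who extracts it can produce valid signatures. The time window limits that to live requests rather than replays.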