let's have php script on server called process.php. want call script ios/android app. want make impossible call script without app, example call computer. how make verification process secure , unhackable?
some things have thinked at:
using static key act password unlock script. not method because once key hacked (maybe reverse engineering, key being stores in app) got total access script.
creating hash function , follow following steps:
- make request server , string
- hash string on local device
- send hashed string back
- if string received server same string server expects (the request send hashed on server) unlock script way can access if have hash function. secure enough?
what other alternatives have without user's login credentials?
if concerned, create api key , use https , attach url in post request. acknowledging requests contain key.
