1

I'm working on the design for a client's iOS app. They want the app to access stored data on their web server. The important thing is that the data can only be accessed by subscribed users, i.e. those that have a username and password. The web team can basically produce anything I want, i.e. a RESTful service. My question is, what authorisation should I ask them to use to only allow access for the subscribed users? Is xAuth necessary, or would basic auth be ok? Or something else?

Thanks for any help :)

Marky
  • 1,294
  • 1
  • 18
  • 40

1 Answers1

1

keep it simple and secure; basic auth over HTTPS.

I am certain there will be some argument regarding my choice, just search StackOverFlow and you will get an assorted number of opinions.

Aaron Saunders
  • 33,180
  • 5
  • 60
  • 80
  • Thanks Aaron. That's exactly what I was thinking. For HTTPS do I need any special certificates or anything I need to get the web team to do? I'm planning on using ASIHTTPRequest on the iOS end. – Marky Nov 08 '10 at 03:15
  • yes, you will need a certificate on the server and there will need to be a certificate installed on the iphone – Aaron Saunders Nov 08 '10 at 04:02