I'd like to restrict access to a PHP file on my server. This PHP file takes data from an HTTP GET request and appends it to a file. Simple. But I don't want this PHP file executed unless the HTTP request is generated from within the smartphone app I've developed.
I don't want to authenticate each user individually. I want my app, and only my app, to be able to send the request to the PHP file. I don't want people typing in a similarly formed request (http://www.mydomain.com/check.php?string=blahblahblah) into a browser and have the same impact.
I have thought about checking the HTTP_USER_AGENT, or some other variable, but I fear that they might be easy to spoof too. I could embed a key into my app that I look for, but that key could also be compromised.
The next step would be to have the server send me a challenge to which I respond appropriately. Or I could even look into PKI. But what's a relatively easy way to do this, given that I am not trying to protect anything of real value, just to prevent minor vandalism.
Am I trying to reinvent the wheel here? Is there already an easy, proven way to do this?