I'm aware multiple questions have been asked on the topic but none have really answered my specific question.
My app
I have a PHP-based API that retrieves AND posts information from my MySQL database. I use it to check for login, to create new accounts, but also to retrieve simple data from the database. My app isn't on the AppStore yet, and right now, my API has no security whatsoever: it's the first API I've ever made, and I was just focusing on the basics. Now it's over, I want to add some security. I've done lots of research and oAuth seems over the top and way too difficult for what I'm trying to do here. I'm confused on the oAuth topic, about 2-legged or 3-legged oAuth.
Let's say I want this simple scheme to be secured: 1) users enters login information 2) iOS app sends credentials to PHP-based API server 3) API checks in database if login credentials are correct 4) API returns (in jSON) the result of the request 5) App process the jSON
This is the current flow. What is the most simple way to secure this? Is oAuth worth it or can I make a simpler, hand-made encryption system with a private key only my app and my API would know and that I would simply add in the POST?
