Let's say I have a PhoneGap / Cordova app and I want to make requests to my server with POSTs and GETs through AJAX.
How can I secure my PHP file so that it acts only if the POST comes from my app? E.g.
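// Constant-time, type-safe comparison of the submitted key against the server-side secret
if (is_string($_POST["key"] ?? null) && hash_equals($secret_key_got_from_server, $_POST["key"])) {
    // Do the things
}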
I wanted to create a secure unique key with openssl, but if I hardcode it in the code to send it through AJAX, anyone could just decompile my source code and get the key and do whatever he wants.
How could I make sure my POST comes from my PhoneGap app, or how can I securely code that key/token?
I'm not quite sure if this question should be here or in security SE.