I am building a mobile app that needs server side processing. I have created the server side using LAMP and the app just calls the respective php pages using an URL to request data. For example for signup I have created signup.php and app calls signup.php to verify login credentials of the app. I also have php scripts to say pull product information for the product the user is requesting. At this time these PHP pages are publicly accessible even though they would return a blank page. However how do I ensure these PHP pages are only accessible to my mobile application? How do I make it more secure?
Additionally the user on the mobile only needs to sign up once. Once signed up he stays logged in perennially until he uninstalls the app.