Hi Chris,
I guess the first question I'd ask is what sort of data you're protecting. Unless it's intensely private or sensitive (medical records, social security numbers, etc) then my opinion is that Basic Auth over SSL is good enough.
In this case you just have a new header that you have to include with each request to your API, and the new Taffy 1.3 beta has helper methods for retrieving the username and password when it's been passed.
I think if you were to do a public + private key approach, be cautious about embedding an application-wide private key. While it's easy and fast to release an update for Android, on iOS your users could be out of commission for 2 weeks (on average) or more (in the event of a holiday -- for example, Apple shuts down the review process for a week around Christmas)
If I wanted to do pubkey + privkey my first thought would be to ask them to log into the app, have the app test the credentials via your API over SSL, and return the private key if successful.
Good luck, and let us know how you make out!
Adam
--
You received this message because you are subscribed to the Google Groups "Taffy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
<javascript:>.
For more options, visit
https://groups.google.com/groups/opt_out