I am planning to use JSON as the data transport mechanism between my iOS app and

Question

I am planning to use JSON as the data transport mechanism between my iOS app and my server (the server is a WCF service). While learning about JSON, I realized that all the data is passed around directly in the URL. I am sure this question gets asked a lot but I was not able to find anything concrete on the site.

Is there an alternative to sending JSON data directly in the URL?

If not, how do I secure it? I should be able to prevent everyone other than the app from requesting or sending data to the service. One way to do this to be put a 'key' as part of every request; one that is known only to the app and the server. This way I could reject all calls without the correct key. But what is to prevent someone from sniffing the data and forging a request?

Will SSL help here? If I have an SSL certificate, will it automatically encrypt all data to and from the app?

I am sure this is a very common scenario so I am looking for the most elegant way of solving this problem.

Explanation / Answer

Not all JSON data is part of the URL's query string. Usually, this is only the case when sending HTTP GET requests to the server.

Services like yours are effectively secured by using HTTPS. The underlying TLS protocol encrypts all data exchanged between client and server, even URL query strings.

If you configure your WCF service(s) to only expose a HTTPS endpoint, all traffic will automatically be encrypted.

Since you mention you're using a WCF service, I recommend having a look at ASP.NET Web API: It's specifically designed to create RESTful services and you'll find it has much less overhead than creating and maintaining WCF services. You'll also get better performance since requests and responses aren't using the SOAP protocol.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.