How do all these mobile apps log in users? I did a lot of research and read tutorials but I can't find a definitive answer...
I created an API for my CodeIgniter web app using Phil Sturgeon's REST server. Now I need to create a mobile app (for Android and iOS) that works with remote data from my web server. (I decided to build my app with Appcelerator.)
My goal is to allow users to log in from my mobile app and make CRUD operations via the REST server API. The API uses HTTP digest access authentication but I'm concerned about security because it sends a username and password over HTTP. Is there a more secure way to authenticate users?
After a user is logged in how will they perform CRUD operations without logging in again?
Security is a matter of trade-offs. You need to answer several questions.
Unless you are storing banking information, confidential/personal information, or the content can be irrevocably altered/deleted, HTTPS with digest authentication is fine.
NOTE: digest does not transmit passwords.
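To illustrate the note above, here is an added example (not part of the original answer, and not code from the REST server library) showing what a digest client puts on the wire and how a server checks it with `qop=auth`. The input values are the sample values from RFC 2617, section 3.5; the function names are this example's own.

```javascript
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');

// Sample values from the worked example in RFC 2617, section 3.5.
const SAMPLE = {
  username: 'Mufasa', realm: 'testrealm@host.com', password: 'Circle Of Life',
  method: 'GET', uri: '/dir/index.html',
  nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093', // issued by the server in its 401 challenge
  nc: '00000001', cnonce: '0a4f113b',          // request counter and client nonce
};

// Client: hash the password together with the challenge; only this hash is sent.
function digestResponse({ username, realm, password, method, uri, nonce, nc, cnonce }) {
  const ha1 = md5(`${username}:${realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  return md5(`${ha1}:${nonce}:${nc}:${cnonce}:auth:${ha2}`);
}

// Client: the Authorization header as it appears on the wire.
function authorizationHeader(p) {
  return `Digest username="${p.username}", realm="${p.realm}", nonce="${p.nonce}", ` +
    `uri="${p.uri}", qop=auth, nc=${p.nc}, cnonce="${p.cnonce}", ` +
    `response="${digestResponse(p)}"`;
}

// Server: recompute the hash from the stored HA1 and compare in constant time.
// A complete server also rejects stale nonces and nc values it has already seen.
function verify(header, method, storedHa1) {
  const f = {};
  for (const m of header.matchAll(/(\w+)=(?:"([^"]*)"|([^,\s]+))/g)) f[m[1]] = m[2] ?? m[3];
  const ha2 = md5(`${method}:${f.uri}`);
  const expected = Buffer.from(md5(`${storedHa1}:${f.nonce}:${f.nc}:${f.cnonce}:auth:${ha2}`));
  const got = Buffer.from(f.response || '');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```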