We are building an iPhone app and need to create our own REST API to handle logins etc. The backend is in Java and we need a way to login users to the iPhone application and allow them to make requests to the API as that user. Because there are no sessions in mobile what would be the best way to implement this?
I used HMAC to make sure security and integrity could be guaranteed while communicating between the mobile device and the API. To handle logins we use an access token that expires after a set period