I have developed an API restful in JSON to retrieve data from my server by a mobile app (iOS). I want to keep hidden my API avoiding someone via a network sniffing tool (like Wireshark) could find out it. On my server how can I allow only http request from my mobile app? What can I do?
Use SSL and an API token.
Essentially, your request is going to contain your API token or key as a part of the request payload. You can encrypt the data yourself, using SSL, or both.
On the server, you check that the token matches with what is a valid token.