I have WordPress website where registered users can register for different events. Now I’m working on iPhone app. This app will allow users to do the same thing (register for events) but from iPhone. What I want to understand is what is better and more secure way to authenticate user from iPhone app? User will insert username and password in app, but how could I know is username and password correct or not? I know WordPress has XML-RCP which maybe could help me achieve that, but people say its very slow. I found JSON API allows to retrieve and manipulate WordPress content using HTTP requests, but looks like there is nothing for user authentication, or maybe I’m wrong?
Any scenario or suggestions how to achieve this?
Are you asking a question about the JSON API, or are you looking for a general solution to this problem? Common practice when using a REST api is to sign requests with a private key, which you store in the app (for example in localStorage). The user would need to login once using the API, receive and store the privatekey, and apart from login requests the server only accepts signed requests. It is not 100% unhackable (what is?), but it’s considered ‘safe enough’.