Tags: titanium, titanium-mobile

HOLLER: Secure Payment over API & Titanium Studio


I am using Titanium studio to build an iphone mobile app, and I want to do the following

  • Send a user id using API to my server
  • Server processes payment for that user using the previous card on file
  • Server sends a success/failure response.

What is the most secure way to do this? I know if I just send the user id then anyone could hack.


Solution

  • Are you sure what you're doing is allowed (roll-your-own payments and credit cards in-app will generally get you rejected)

    Make sure your app does not violate any of these guidelines:

    11.1 Apps that unlock or enable additional features or functionality with mechanisms other than the App Store will be rejected

    11.2 Apps utilizing a system other than the In App Purchase API (IAP) to purchase content, functionality, or services in an app will be rejected

    11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a “buy” button that goes to a web site to purchase a digital book, will be rejected

    Check the latest App store review guidelines here : https://developer.apple.com/appstore/resources/approval/guidelines.html

    Also refer to these SO questions for more information:
    iPhone Paypal in UIWebView Appstore approval process
    iOS - Integrating credit card payments

    A more secure way to do this (if you pass all the above guidelines) would be to use a userid, password, and salt, encrypted either over https or SHA256. Note that you have to specify you use encryption if you go the second route, during the review process.

    Here is a wikipedia article about Salt and Passwords that I used.

    Here is a SHA256 library for JavaScript that works great with Titanium and is simple to use.