I'm trying to figure out the best way to send info back and forth between my server and another company's server. Basically, the other company processes the sales of my software, then goes to my server to activate the software. My software hits my server every time it loads to get the activated license. My server is blocked from external SQL queries (won't run queries from the other companies server), so I somehow have to pass data back and forth with their server.
Being new to this kind of thing, I'm looking for opinions on how best to do this regarding how to do this securely (I already know how to write code). For example, is an encrypted GET request sufficient where I can just decrypt info passing in a link? SSL with data in XML? I appreciate any thoughts and direction you can give.
Thanks in advance!
It sounds like you can put up a web or web services server? Have your server only accept connections by HTTPS, and require client authentication. Have the other company's server contact your server using HTTPS with a POST request.
Your server will need to present an SSL certificate that the other company's server recognizes as authentic - either you need to get a certificate issued from a CA, or you can create a self signed certificate and have the other company install that certificate in their server's trust store. The other company will also need to present an SSL certificate that your server recognizes - in this case, it should be a self signed certificate that you install in your trust store, so you aren't accepting connections from just anyone who has a CA issued certificate.
Your software can contact your server with an HTTPS GET request. The certificate requirements for your client software will be the same as for the other company's server, as described above.
This arrangement will prevent (a) anyone from impersonating your server, (b) anyone from impersonating your partner's server when posting to your server, (c ) anyone from eavesdropping on your client software's connections to your server and getting their user keys that way.