I have a multi-platform project.
It has a web side and an Android side in it. What do you guys suggest for verifying that the client that I am talking to from the web service is my Android client? Does anybody have any idea of how I should authenticate these two?
I was thinking about saving a token field in a user table, with its content being some unique hash based on data from the client, that can be recognized by the server. However, I don't know what information I could use as the basis for the hash.
What client information should I use to create the hashed value to use as the authentication token?
If this information is necessary, my web service is presented to clients as a RESTful API and is written in PHP on the server side.
Thanks.
You could have the client and server communicate with each other using SSL and configure the server to require a client certificate. See for example https://docs.oracle.com/cd/E19424-01/820-4811/aakhe/index.html for more information on that.
This does not, however, protect you from a malicious hacker, who could extract the certificate from your client and add it to its own application.
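
An added example, not part of the answer above: how a PHP endpoint can check the client certificate that the web server has already validated, and match it against an allow-list so that a certificate known to have been copied can be dropped. It assumes Apache with mod_ssl configured with `SSLVerifyClient require` and `SSLOptions +StdEnvVars +ExportCertData`; the function name and the fingerprint value are hypothetical placeholders.

```php
<?php
// Added example. Assumption: Apache mod_ssl with `SSLVerifyClient require` and
// `SSLOptions +StdEnvVars +ExportCertData`, so the TLS layer has already
// validated the certificate chain before this script runs.

// Constructed placeholder: SHA-256 fingerprints (hex) of client certificates
// you issued and still trust. Remove an entry to revoke that certificate.
const ALLOWED_FINGERPRINTS = [
    'PLACEHOLDER_SHA256_FINGERPRINT_HEX',
];

/**
 * Hypothetical helper: returns the SHA-256 fingerprint of an accepted client
 * certificate, or null if the request must be rejected.
 */
function authenticatedClientFingerprint(array $server, array $allowed): ?string
{
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    // Only SUCCESS means the chain was verified against the configured CA.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // SSL_CLIENT_CERT holds the PEM certificate (needs +ExportCertData).
    $pem = $server['SSL_CLIENT_CERT'] ?? '';
    if ($pem === '') {
        return null;
    }
    $fingerprint = openssl_x509_fingerprint($pem, 'sha256');
    if ($fingerprint === false) {
        return null; // not a parseable certificate
    }
    foreach ($allowed as $known) {
        if (hash_equals(strtolower($known), strtolower($fingerprint))) {
            return $fingerprint;
        }
    }
    return null; // valid chain, but not a certificate on the allow-list
}

$fingerprint = authenticatedClientFingerprint($_SERVER, ALLOWED_FINGERPRINTS);
if ($fingerprint === null) {
    http_response_code(403);
    header('Content-Type: application/json');
    echo json_encode(['error' => 'client certificate required']);
    exit;
}
// From here on, handle the API request for the authenticated client.
```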