I'm working on the design for a client's iOS app. They want the app to access stored data on their web server. The important thing is that the data can only be accessed by subscribed users, i.e. those that have a username and password. The web team can basically produce anything I want, i.e. a RESTful service. My question is, what authorisation should I ask them to use to only allow access for the subscribed users? Is xAuth necessary, or would basic auth be ok? Or something else?
Thanks for any help :)
keep it simple and secure; basic auth over HTTPS.
I am certain there will be some argument regarding my choice, just search StackOverFlow and you will get an assorted number of opinions.