I want to be able to access php pages on my app, but I need to be able to confirm that only my app is accessing these pages. If this were to do it in a regular website using CORS, in the php would simply do:
header("Access-Control-Allow-Origin: http://example.com")
But since it's a mobile app, it only has client-side access without a domain name
So in the php I would have to do:
header("Access-Control-Allow-Origin: *")
This obviously causes a security issue, as now anyone can access my server-side pages. So how can I can confirm that only my app is accessing these pages in the ajax calls? I'm assuming it would be something with tokens. But since these are client-side pages, how I can possibly add security without someone simply stealing the code?