security - phone gap apps - How can i detect thet a login web service request is genuine -

security - phone gap apps - How can i detect thet a login web service request is genuine -

we r taking jump writing mobile application of our platforms core functionality.

after spending time - narrowed downwards html 5 application, css , apache phone gap back upwards different platforms ios , android

we writing wcf based rest services , have question securing web service calls - specially ones new user creation , login.

how can ensure web service phone call create new user business relationship or subsequently log app genuinely originating mobile device , not via brute attack or trying execute service if find url? there kind of device identifier can depend on part of request (or embed app) etc or there other more reliable techniques.

any help appreciated.

regards sid

good question: utilize device plugin device uuid , hash user email , timestamp of registration create key. 1 way hashing friend in scenario. maintain of communication on https secure socket layer , create keys based on uuid , should able solve problem.

web-services security cordova mobile