Secure Promo-Code Retrieval for Unity-App

Hi all,

I’m a complete noob when it comes to webservers and REST, so this is causing me a bit of a headache. I’m developing a Unity game that rewards players with a single, once-usable promo code that they can later exchange for certain services at a partner company. We decided to use DreamFactory to store and access the codes, but I really don’t know how to do any of this. Here’s what we need:

  • our app runs natively on an Android or iOS phone, developed in Unity
  • a user should be able to receive a new promo code exactly once
  • to achieve this, the app sens a request with the API Key and the user’s phone number. A serverside script then checks if we’ve generated a code with that phone number before. If not, it returns a new one and remembers the phone number. If we have seen that number before, it returns the code previously associated with that number.

First of all, is this possible, and can someone point me in the right direction for setting all this up? Secondly, is the API key sent with the request in plaintext? Because if a user can get the API key easily by monitoring their web traffic, they could then generate an unlimited number of codes with bogus phone numbers. I read somewhere that I can enable HTTPS when setting up the server, but I don’t know how to do that. Would that even fix the issue?

  1. Create a mysql table accordingly.
  2. Create a mysql service and give access to only one table and
  3. Write a PRE script to do your business logic
  4. Return the results as json.

For simplicity you could have a public role with restricted access.