We are building a Clover app that will be working against a web service we are developing (i.e., no interaction with the Clover REST API). I am looking at how we should best secure the web service and the app so that the web service can authenticate each caller and prevent outside parties from making calls to its operations that should be coming from the Clover app we are building.
Normally I'd solve this by creating a login/password authentication mechanism and then using a traditional form of token authentication. However, is this the best practice when developing a Clover app?
It feels weird that if someone is unlocking the Clover device, they are then also asked to log in to our specific app. Are there any facilities in the Clover SDK to help with this problem?