I am using Nickel to create a REST API for my application.
It is important that this piece remains secure, as this is a high-security application. We would like calls to this API to be able to use a client secret that identifies the client to us but not be able to have this intercepted by others who could then pretend to be that client.
Is it safe to simply make calls to our REST API? Or do we need to incorporate some encryption? Something like the client secret is actually a signature using a public-private key pair, where the client is the only one with that private key.
Or perhaps we should use sockets instead?
Thank you!