Securing a PHP REST Service

I am a complete newbie in this topic so please excuse me for my ignorance. Our company has a PHP based REST service created for consumption by an iPhone app. We make several POST calls to the REST API: www.mywebsite.com/a开发者_Python百科pi/rest and we send the method name and the parameters to the service. The service in turn returns a XML response which is GZip encoded. This is working fine.

I am assigned with a task to secure these call so that data that is getting passed to the service is not in plain text/is not visible using tools like Charles Proxy and other sniffing tools. In the past I have used some iPhone apps which also makes REST calls but they don't show up in such tools. I would like to know how to implement such a thing in a normal PHP based REST service so the data getting transmitted is not visible/ can be made secure.

I thought about using HTTPS but if we use HTTPS, I hear from others that the service/server will become slow and I am not too sure if the iPhone client will accept HTTPS calls.

Please advice.

Thanks in advance, Senthil

It sounds like you're trying to secure the transport layer, and assuming that's the case then SSL/TLS is surely the way to go. Yes, chances are there will be some performance impact, but the security is probably worth it.