iPhone/iPad(iOS) to MySQL Server - DataHandling

i want to develop an app to communi开发者_Python百科cate with a webserver. I have an webserver with data's which i want to load on iOS devices.

My aim is:

- I start the app

- Login to the Webserver (or use offline if i have connected to the webserver before)

- Handle my data, read my news and so on, change any data(Online and Offline)

- Check while working with the app, if any data's changed and 'snyc' or 'upload' the changes to the webserver

*The Data's are only text, no images, no files at the moment*

Now my question is, which is the best way for my app?

Which API should i use for my webserver to communicate with the iOS device?

- I have read a lot of XML and JSON and may JSON would be the fastest and easiest to use it on a webserver and on iOS.

How can i use the App offline and parse it on changes? And if anything changes, how can i sync it?

How should i solve the login, how to authenticate? i think this is a very important point of security.

To work only with Request would not be efficient, i think, because there are a lot of data's.

Thanks for any recommandations,

brush51

For communication, consider using a library like ASIHTTPRequest.

What is ASIHTTPRequest?

ASIHTTPRequest is an easy to use wrapper around the CFNetwork API that makes some of the more tedious aspects of communicating with web servers easier. It is written in Objective-C and works in both Mac OS X and iPhone applications.

It is suitable performing basic HTTP requests and interacting with REST-based services (GET / POST / PUT / DELETE). The included ASIFormDataRequest subclass makes it easy to submit POST data and files using multipart/form-data.

The data format (JSON, XML) is really up to you. I like JSON and it is trendy at the moment for sure.

As far as authentication, consider using https:// requests to secure the communication. Send the username / password over https and then assign a cookie with an authentication token. On subsequent requests the authentication token will be sent along in the cookie (automatically) and will be encrypted if you are using https://. Your api's will need to make sure the authentication token in the cookie is legit, then do the processing.

That's one approach on security I've used in the past and it works well. There are a lot of good articles you can read on how to secure your communication.

Take a look at Best Practices for securing a REST API / web service

Also see How to Create Totally Secure Cookies