I'm creating an API from php which is called from some apps (Android and iPhone). This API has some calls for getting values on a database on the central server, so that data can be cached on the app. Also, this API has some calls for adding records on this database.
I am worried about security. I would like to avoid someone to add some gargabe records, and also avoiding someone to use the API to get a copy of our full database.
How can this be accomplished?