I am planning to use JSON as the data transport mechanism between my iOS app and my server (the server is a WCF service). While learning about JSON, I realized that all the data is passed around directly in the URL. I am sure this question gets asked a lot but I was not able to find anything concrete on the site.
Is there an alternative to sending JSON data directly in the URL?
If not, how do I secure it? I should be able to prevent everyone other than the app from requesting or sending data to the service. One way to do this to be put a 'key' as part of every request; one that is known only to the app and the server. This way I could reject all calls without the correct key. But what is to prevent someone from sniffing the data and forging a request?
Will SSL help here? If I have an SSL certificate, will it automatically encrypt all data to and from the app?
I am sure this is a very common scenario so I am looking for the most elegant way of solving this problem.