Webservice security

[petter386]

Hi, I need some help regarding webservice security.

 

I created an aplication in C# which is using prestashop webservice. I have done customer authentication like this:

RestRequest request = new RestRequest("api/customers?filter[email]=[" + username + "]&filter[passwd]=[" + encPassword + "]", Method.GET); 
IRestResponse response = client.Execute(request);

If I get a customer in response then he can place an order in my shop.

 

But first I have to create a webservice client like this:

RestClient client = new RestClient("http://myshop.com");
client.Authenticator = new HttpBasicAuthenticator(MY_WEB_SERVICE_KEY, "");

where MY_WEB_SERVICE_KEY is the key generated in back-offece under Advanced Parameters > Webservice. 

 

I'm worried that anybody could get my webservice key from the application and then do whatever he wants with my webservice. How can I make my application and webservice more secure?