Digitally sign JSON API calls from Android App (Java) to ASP.NET Web API 2 (C#)
We have an Android App written in Java that performs HTTPS calls to our mobile API server running ASP.NET Web API 2 (C#). Some API methods require authentication, and some methods are "open". Protecting "open" methods is not required, but we still want to protect those "open" calls with digital signatures.
So Android app will have a Private Key to sign the "open" API calls with. The strategy of delivering that private key into the app is irre