Webdev n00b here.
I'm working on an iOS project that uses Simperium.com as the back-end. All is well so far, except that the password management after the initial creation/authentication is somewhat lacking.
They provide update and reset options, depending on whether the user remembers their password or not. I'm making the assumption that the "reset" would be used as a typical "email a reset url to the user" type scenario. https://simperium.com/docs/reference/http/#updatehttps://simperium.com/docs/reference/http/#reset_password
However, given that both currently require an admin API key (mine, that I don't want to distribute in the app for security reasons), I'm trying to keep the API key on my server and send the username/password to the server which then handles the appropriate curl calls to Simperium.
I'm looking for:
1) A way to generate auto-expiring URLs, so the user can reset their password through a non-persistent link in an email.
2) A way to pass the username/password securely to my server and then on to Simperium.
3) Any framework that could handle this for me.
4) ANY BETTER SUGGESTIONS on how to handle this. :)
Do any of you have any ideas/recommendations/direction?