Question: What’s the secure way of connecting mobile apps to a server? Should we use Web Service or API? What are the considerations in developing the API or web service?
Answer: When it comes to a robust and secure mechanism of connecting mobile apps to a server the best option is via an API (specifically REST API). There are some terrific resources (particularly from OWASP). The first link is an awesome “cheat sheet” for securing REST API. The second link also contains some great tips and instructions on securing REST API.