As @sdecandelario says, you can put a secret key on your app and check for it on the server. To protect the key from being sniffed talk to your API via HTTPS only. That way each call will be safely encrypted. Using HTTPS is a best practice and you should use it always. With the combination of a secret key and HTTPS you will only allow your app to use your API