I have a game that has many webservices.
I can protect my webservices with an API key, if unique, user could copy API Key and change POSTS. For instance, there is a service to add point, so instead of adding 5 points, it could add 50 points by changing Call.
How should I manage this case? Issue is game is only knowing 1 API key.
I could also generate an aleatory number in server, send it to game, and then doing the operation, but it would cost me an extra call for each service, it seems to heavy for me.
Any idea how should I deal with this case?
PD: I have no time to implement OAUTH2.0
Read more here: How should I protect my webservices in a HTML5 Game / WordPress