How secure does your service have to be? What will happen if someone brute-forces the key? And if you're truly concerned, why aren't you using SSL with client-side certificates?
These are the general questions that you need to answer for your particular project, before you can decide the best approach to encryption.
Case study: In an application that I'm developing, I encrypt (not hash) key data using DES (yes, plain DES), and decrypt by the service. All URLs have to be generated by the server, which holds the shared key. There's an optional timestamp to limit validity of the URL: if you access the service with an expired URL, you get a 403 back. The data in question is relatively low value, and there will be no fiduciary considerations if the encryption is broken.
Can it be broken by consumer equipment? Sure.
Is there a high payoff to breaking it? Not at all.
Why not just send the data in plaintext? Because we want to ensure some level of control. My primary goal is keeping script kiddies from creating a denial-of-service attack with constant inserts/updates.
Incidentally, the data in the plaintext never appears anywhere else in the communication between client and server. Which means that, even if someone brute forces the key, they have to apply some sort of heuristic to learn that they've broken the key. Security via Obscurity, yes, but sometimes obscurity is useful.