Is there a good way to do secret key authentication for http queries from a salesforce app to my own web server? In other words, I'd like to give each company that installs our application their own secret key. Then each http call the app makes to our server (whether json or just a link to a hosted iframe) would look something like this:
groupid = groupid
param1 = value1
param2 = value2
signParam = signValue
Where signValue = md5("groupid=groupid,param1=value1,param2=value2,secretKey"
Then when I receive the query, I calculate the signature as well to make sure it matches before I perform any actions on our web server. The problem is, I don't see how I can assign and store the secret key for each company that installs our app (that is, have them store the secret key in their installation).
Is there a good way to do this that I'm missing? And if this isn't possible in salesforce, how else do you authenticate web queries before you perform actions in your own server?