Ask HN: How do I ensure that a real iOS client is using an API

Hello HN! Hoping I can tap the colossal power of the HN hive-mind.

Working on a project where an iOS client hits an API. How do I ensure that only my 'real' client is allowed to use it? I could bake a secret token into the app, but surely it will just be sniffed (HTTPS only, but a MITM proxy?) or the app decompiled and the token extracted (Like the Sony PS3 master key).

Is there any reliable way to ensure that a hacked, dummy version of my app can't use the real API?

Thanks HN!