I'm building a Phonegap mobile application in which I want the users to be able to check into locations. I can get the users location and post it to my API and all of that's working. What I'm looking for is some way to prevent spoofing the call to the API.
My current thinking is that I could have a shared private key in the mobile app and on the server. I would then hash(?) the users location with that key client side, post that, and then use the same key server side to restore the data.