We have developed a Windows 8 application (HTML/JS/CSS) to select and download 'add record' template info from a (2.7) Moodle database activity, store them on tablets (local DB, SQLite), use this data to present and complete the forms offline, then upload completed records later back to the database activity. Primarily this is being used by assessors to record marks with a running total score for practical (OSCE) exams.
Currently this is done with a custom php script placed in a directory on our local Moodle server - the application sends and receives data to/from Moodle just fine. The communication is carried out via an AJAX request from the application, choosing the relevant data and passing it using JSON objects.
Our main concern is security/encryption of passwords and data transmission. Currently a JSON script authenticates the user with Moodle, then we force a login time-out on the tablet so the user isn't left logged-on. What we would like to do is to communicate with Moodle through a web API to push/pull the data securely.
I've had a look at the Moodle API docs but didn't see anything explicitly covering this - but I'm not a webservice expert by any means. Is there an existing API that we could use or customise with our scripts to authenticate users and pass the necessary data through ajax requests?
Any advice would be welcome.