I'm using Kinvey as a backend, but because it doesn't provide the ability to run custom code, I have set up another server. So basically, when x happens on the Kinvey server, I send a call to my REST API on the external server, do something, and when done, make a call back to the REST API on Kinvey.
I'm not using any sort of secure layer like SSL, and I don't plan to use it in the near future because I have no idea what kind of certificate I have to buy.
What authentication should I implement so that communication between the two is safe? As far as I know, I could have the same key on each server and encrypt the data; as only both servers know it, then it is secure? If so, which encryption should I use and why?
Also, I read that Kinvey uses basic auth, which sends the password in plain text? This is not secure at all, so is it better to use their session authentication? Or just buy an SSL certificate (what kind?)