For an initial survey, I suggest you start by reading this document: iOS Security Guide
Before sending (offline storage), starting from page 9: Encryption and Data Protection
Sending the data, start on page 23: Network Security
Now that the question has been edited, I understand that you probably want to interact with the server using HTTP GET or POST via TLS (also known as HTTPS ). >
In this case, I suggest following the Apple specification at this link: Making HTTP and HTTPS Requests
Safety recommendations:
- If your server is configured correctly (valid certificate, SSL disabled), you already start with good security.
- Could increase security by manually verifying that the server's certificate is true (practically mandatory if the certificate is customized). It will increase even more if you use DNSSEC.
- If you configure the application to send the client certificate, it will increase even more (but in that case, it will depend on the server to validate the certificate).
From the security aspect, you'll realize that iOS does not support DNSSEC. If you base your system security solely on the basis of what the vendor API provides, you are at a risk. You need to first choose the communication protocol, and base your needs around it.
By not citing references, consider my recommendations as opinions. Mainly because some of them are optional, others are not practical, and some are not required. In short, it depends on several factors.