I have already read this thread about sending data to and from java/php securely. From that thread, i have come to the conclusion that using SSL is most likely the best route to take. With that being said: I have a control panel with an API. I have a java server listening on a port. If i was to encrypt that data with AES with a secretkey only known to control panel and java server then send it from the panel/server, Would that be safe? My uneducated guess is that someone can replicated the request and have no problem sending it to the server/panel because its encrypted with the same secretkey so my panel/server would have no problem decrypting it. Would adding the time to the data BEFORE encryption, then checking the time AFTER decryption to verify that the request is NEW and not something that was sent 20 minutes ago? Probably sounds like a bundle of mess, but ive been trying to wrap my head around this for the past 2 days. I appreciate any help.