Securing HTTP post request

Hello everyone !

I’m making http post request to my server to log the user and then send his bestscore. For that I’m using HTTPS post request. But i’m wondering, if someone decompile my game he will see the post request and then he could copy it to send some wrong data like 999999 for the score. On my server side I check the header to make sure the request come from unity but the hacker just have to do it on a empty unity project and that’s it.

How can I secure it ?

Informations about the requests :

LOGGING : the user have to enter his username and password, then the server will respond json data with his user information and bestcore. If credentials are wrong the server send a string of the error

BESTCORE : When the user hit his bestscore the game send https request like : username=CLEM&bestcore=123

You can’t. The best you can do is authenticate the user and then ban any users caught cheating.