To ensure the security of the authentication key required for each transaction request, it is critical that this key is not stored within the actual App code. Storing sensitive details, such as your Store ID, within the App code is acceptable, but the authentication key should be handled with extra precautions.
We would advise that your App obtains the authentication key by downloading it from your servers as part of either an installation or registration phase. This process must be over a secure encrypted link (for example, HTTPS). Once the App has the authentication key, it should store it in the device in a secure method, such as using the iOS Keychain.
This method also allows you to update the authentication key should this be needed.