Approov Integration for PHP Backends

twitter-single-image-tweet-1

Photo by Ben on Unsplash

PHP was created in 1994 by the Danish-Canadian developer Rasmus Lerdorf. In its first incarnation PHP was a simple set of Common Gateway Interface (CGI) binaries, written in the C programming language, which Rasmus used to track visitors to his online CV. This explains why PHP originally stood for Personal Home Page but from PHP 3 onwards it became a recursive acronym that stands for Hypertext Processor.

In 1995, Rasmus rewrote PHP to add some more desired functionality, like being able to write web forms and interact with databases, and decided to release it into the public domain. It was never his intention that it would become a programming language, rather just a set of tools for creating simple web pages.

The integration of Approov within a PHP API server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app and does not require you to change a single line of code in the API itself. Implementing the Approov Token check in your PHP code couldn’t be easier because the token is a regular signed JWT. All you need is to use the firebase/php-jwt package to check the expiry time and verify the signature with the secret known only by your PHP API server and the Approov cloud service.

To enhance the protection of your API further, you can secure each request by using the Approov Token Binding advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.

Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current PHP project.

Get An Approov Demo!

If you have any questions around why or how to use Approov in your PHP project, don’t hesitate to contact us.