Vapor is a framework written in the Swift programming language that brings the language from the iOS platform to the backend, thus allowing developers to develop the mobile app and the backend in the same programming language. Vapor was initially released on December 3, 2015, just one month after Apple open sourced Swift and started to add support for the Linux platform.
The integration of Approov within a Swift Vapor API server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app. Implementing the Approov Token check in your Swift Vapor code couldn’t be easier because the token is a regular signed JWT. All you need is to use the vapor/jwt and vapor/jwt-kit packages to check the expiry time and verify the signature with the secret known only by your Swift Vapor API server and the Approov cloud service.
To enhance the protection of your Swift Vapor API further, you can secure each request by using the Approov Token Binding advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.
Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current Swift Vapor project.
If you have any questions around why or how to use Approov in your Swift Vapor project, don’t hesitate to contact us.
Photo by Jerome Granados on Unsplash