Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app.
Google reCAPTCHA V3 provides a powerful mechanism to tell humans and bots apart. It uses advanced risk analysis techniques to help you detect abusive traffic from your web app without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score that you can then use in the API backend to choose the most appropriate response for your web app.
The Google reCAPTCHA V3 integration with Approov enables you to use the same simple token check for your backend API endpoints whether a request comes from your mobile or web app. After checking Approov token validity, the included claims can be used to differentiate between requests coming from the mobile or web channels and react differently when that is necessary. If required, the full response from the reCAPTHCA check can be embedded in the Approov token to be used by that logic.
Please follow the Quickstart guide in the repo to learn how to integrate Google reCAPTCHA V3 with Approov into your web app.
If you have any questions around why or how to use Approov in your web app, don’t hesitate to contact us.