Approov Serverless Reverse Proxy in the AWS API Gateway

Thu 27 February 2020 By Paulo Renato

Category: API Keys, Integration, Third Party APIs, API, API Security, Reverse Proxy, AWS

 

In my previous article, Using a Reverse Proxy to Protect Third Party APIs, I left you without a solution to secure the purple API key inside the mobile devices in the graphic above from being extracted by the bad guy wearing the orange hat. As promised I am going to show you in this article how you can implement a solution for it.

Rather than securing the purple API key, wouldn’t it be better not to have it in the first place or at least to make sure that if it is extracted then it can’t be used at scale by malicious actors? Well that's what a Mobile App Attestation solution is for, and we will start this article by explaining what it is. Spoiler alert: it allows you to secure your API without needing to ship any type of secret inside your mobile app or, if you already have a secret in your mobile app, it allows you to ensure that the secret can’t be used to abuse your API.

Read More

Securing Your API server with Approov and Cloudflare

Tue 19 November 2019 By Paulo Renato

Category: Integration, Mobile App Authentication, API

Cloudflare is famous among developers as a leading CDN to efficiently deliver customer facing Internet content for their applications, but Cloudflare can also be used to verify all incoming requests before they reach your API server, by leveraging Cloudflare workers.

Read More

APPROOV INTEGRATION IN A JAVA SPRING STATELESS API

Thu 09 May 2019 By Paulo Renato

Category: Integration, Mobile App Authentication, API

This walk-through will show how simple it is to integrate Approov in a stateless API server using Java and the Spring framework.

We will see the requirements, dependencies and a step by step walk-through of the code necessary to implement Approov in a Java Spring stateless API.
Read More

APPROOV INTEGRATION IN A NODEJS EXPRESS API

Tue 05 February 2019 By Paulo Renato

Category: Integration, Mobile App Authentication

 

This walk-though will show us how simple it is to integrate Approov in a current API server using NodeJS and the Express framework.

We will see the requirements, dependencies and a step by step walk-through of the code necessary to implement Approov in a NodeJS Express API.
Read More

APPROOV INTEGRATION IN A PYTHON FLASK API

Mon 04 February 2019 By Paulo Renato

Category: Integration, Mobile App Authentication

This walk-though will show us how simple it is to integrate Approov in a current API server using Python and the Flask framework.

We will see the requirements, dependencies and a step by step walk-through over the code necessary to implement Approov in a Python Flask API.

Before we tackle the integration of Approov we need first to know how Approov validation is processed in the server and how to setup the environment to follow this walk-through.

Note that this article assumes a basic understanding of the Approov mechanics. If you need an overview of that, please read first the Approov in Detail page.

 

Read More

42CRUNCH AND CRITICALBLUE ANNOUNCE PARTNERSHIP

Fri 23 November 2018 By David Stewart

Category: News, Integration, Business, Mobile App Authentication


Joint solution to ensure APIs are built correctly and used legitimately.  

Read More

USING APPROOV IN YOUR CORDOVA APP THE EASY WAY

Fri 15 June 2018 By Johannes Schneiders

Category: Integration, Cordova

A couple of months ago we released a little thing called Cordova Approov HTTP that makes it super-easy to add Approov mobile API protection to a Cordova mobile app using Cordova Advanced HTTP.

Cordova is a platform for building native mobile applications using HTML, CSS and JavaScript. It is an open source project managed by the Apache Software Foundation.

Read More

HOW WE INTEGRATED APPROOV WITH CORDOVA

Fri 15 June 2018 By Johannes Schneiders

Category: Integration, Cordova

Read More

A TOUR OF API UNDERPROTECTION

Tue 03 April 2018 By Skip Hovsmith

Category: API Keys, Integration, TLS

AN OWASP APPSEC CALIFORNIA 2018 TALK

The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days?

Read More

WHAT CAN YOU ACHIEVE IN YOUR 1 MONTH FREE TRIAL OF APPROOV?

Wed 07 February 2018 By Jae Hossell

Category: Integration, Mobile App Authentication

Approov is first and foremost an API protection solution for bot mitigation, however, while performing this task it also gives insight into the types and state of devices that are communicating with the protected services. For example, do you want to know the proportion of connections coming from unauthorised software: bots, scripts, or repackaged apps? Do you want to know if your communications are being intercepted, if the mobile device is rooted, if your app is running in an emulator, or if there is a debugger or framework attached? These types of questions can be answered with an Approov integration and you can even start getting at these nuggets before the end of your free trial.

Read More

Page 1 of 3