Posts about

Reverse Proxy

Approov Cloudflare Worker Quickstart

August 14, 2020

  Photo by Nikola Knezevic on Unsplash Cloudflare started as a CDN that quickly became popular among developers due to its efficiency in delivering customer facing Internet content from a closer location to the end user than the real location of the backend server. Here is how to integrate Approov token checking into it. Read Full Story

Approov Integration with Kong API Gateway

May 20, 2020

Photo by Mattia Serrani on Unsplash   API Gateways have become very popular for deploying APIs at scale because they sit between the client and the API server backend This enables all kinds of integrations without the need to modify the API code itself, and that’s exactly what Kong API Gateway excels at. Read Full Story

Approov Integration With NGINX Plus

May 14, 2020

Photo by James Wheeler from Pexels NGINX first gained popularity as a fast and efficient web server with cache, load balancing and reverse proxy capabilities. With the evolution to NGINX Plus it gained additional capabilities, such as acting as an API Gateway with built in security controls. These security controls can be further extended via dynamic modules and we will utilise them to integrate Approov into the platform without changing any API code. Read Full Story

Approov Serverless Reverse Proxy in the AWS API Gateway

February 27, 2020

  In my previous article, Using a Reverse Proxy to Protect Third Party APIs, I left you without a solution to secure the purple API key inside the mobile devices in the graphic above from being extracted by the bad guy wearing the orange hat. As promised I am going to show you in this article how you can implement a solution for it. Rather than securing the purple API key, wouldn’t it be better not to have it in the first place or at least to make sure that if it is extracted then it can’t be used at scale by malicious actors? Well that's what a Mobile App Attestation solution is for, and we will start this article by explaining what it is. Spoiler alert: it allows you to secure your API without needing to ship any type of secret inside your mobile app or, if you already have a secret in your mobile app, it allows you to ensure that the secret can’t be used to abuse your API. Read Full Story

Using a Reverse Proxy to Protect Third Party APIs

February 12, 2020

In this article you will start by learning what Third Party APIs are, and why you shouldn’t access them directly from within your mobile app. Next you will learn what a Reverse Proxy is, followed by when and why you should use it to protect the access to the Third Party APIs used in your mobile app. Read Full Story