With Approov you control which apps access your mobile API in a secure and easily deployable manner. Our customers confidently allow API access from iOS and Android devices knowing that Approov will only authenticate legitimate apps and does not rely on app embedded secrets. This capability prevents misuse of your API by both automated software agents and unauthorized 3rd party apps, providing the basis for a range of API access management policies.
Control automated traffic to your API. Block unauthorized attempts to scrape valuable data from your servers by automated scripts or bad bots.
Enable a trusted ecosystem for your API by restricting access to sanctioned apps only. Stop fake and repackaged mobile apps from impacting your business.
Safeguard traditional 3rd party API keys, which are vulnerable to reverse engineering and abuse, with an Approov protected cloud keystore.
The Approov SDK, once integrated with your iOS or Android app, performs regular one-time dynamic integrity checks on your app and sends the results to the cloud based Approov Attestation Service. The reported signature of the app is compared against the expected value and, if valid, a secure, limited lifetime token is returned to the app which can then be used as a key to access your API.
Untrusted software agents, such as attacker scripts or modified apps, are unable to generate valid tokens and are immediately rejected. Since Approov does not rely on hiding a secret, such as a static API key, there is nothing to be reverse engineered by an attacker.
Attempts are often made to hide an API key or token in the app. Protecting static secrets by obscurity is a poor approach to security. Apps are prone to reverse engineering and the secret will be eventually recovered by a determined attacker. In many cases the API key can be simply extracted by using a a Man-in-the-Middle (MITM) proxy, independently of any attempts to obfuscate the secret in the app code.
Approov enables a far more advanced security stance whereby a dynamic integrity check is performed on the whole app so that its identity is established. There is no reliance on API keys that can be reverse engineered and used against the API.
Minimum spend $99 / month
First month FREE
Automatic load balancing
Dedicated cloud infrastructure
End-user device active in the month
Minimum fee charged monthly in advance and includes 9900 monthly active devices. Additional devices billed in arrears. Exclusive of local taxes where applicable.