With Approov you control which apps access your mobile API in a secure and easily deployable manner. Our customers confidently allow API access from iOS and Android devices knowing that Approov will only authenticate legitimate apps and does not rely on app embedded secrets. This capability prevents misuse of your API by both automated software agents and unauthorized 3rd party apps, providing the basis for a range of API access management policies.

Control automated traffic to your API. Block unauthorized attempts to scrape valuable data from your servers by automated scripts or bad bots.

Enable a trusted ecosystem for your API by restricting access to sanctioned apps only. Stop fake and repackaged mobile apps from impacting your business.

Safeguard traditional 3rd party API keys, which are vulnerable to reverse engineering and abuse, with an Approov protected cloud keystore.

Anti-Automation
App Legitimacy
API Key Protection

Don't take our word for it


Included in the Gartner report
"Cool Vendors in Mobile App Development, 2017"
(document ID G00325959, May 12th, 2017)

Selected as the winner in API Security for 2017
by the API World advisory board

Supported Platforms


The App is the Key

The Approov SDK, once integrated with your iOS or Android app, performs regular one-time dynamic integrity checks on your app and sends the results to the cloud based Approov Attestation Service. The reported signature of the app is compared against the expected value and, if valid, a secure, limited lifetime token is returned to the app which can then be used as a key to access your API.

Untrusted software agents, such as attacker scripts or modified apps, are unable to generate valid tokens and are immediately rejected. Since Approov does not rely on hiding a secret, such as a static API key, there is nothing to be reverse engineered by an attacker.

HIDDEN API KEYS ARE NOT ENOUGH

Attempts are often made to hide an API key or token in the app. Protecting static secrets by obscurity is a poor approach to security. Apps are prone to reverse engineering and the secret will be eventually recovered by a determined attacker. In many cases the API key can be simply extracted by using a a Man-in-the-Middle (MITM) proxy, independently of any attempts to obfuscate the secret in the app code.

Approov enables a far more advanced security stance whereby a dynamic integrity check is performed on the whole app so that its identity is established. There is no reliance on API keys that can be reverse engineered and used against the API.

Read more details about how Approov protects your API

Tokens provide API security preventing abuse more effectivly than hidden API keys in iOS and Android apps

Learn More About Approov



Read white paper

Monthly Metered Billing

Standard


$0.01 / device / month

Minimum spend $99 / month

First month FREE

Unlimited devices

Helpdesk support

Automatic load balancing

Cancel anytime


Sign up


Custom



Invoice billing

Reserved capacity

Integration services

Dedicated cloud infrastructure

On-premises deployment


Contact Us


† End-user device active in the month

‡ Minimum fee charged monthly in advance and includes 9900 monthly active devices. Additional devices billed in arrears. Exclusive of local taxes where applicable.