We're Hiring!

Approov Integration for NodeJS KOA Backends

Aurora borealis over sea and mountain

Photo by stein egil liland from Pexels

Node.js Koa is an expressive HTTP middleware framework that aims to make it easier and more enjoyable to write APIs, and it’s designed by the same team behind the popular Node.js Express framework. Compared with Express, Koa doesn’t bundle any middleware in its very small codebase, and leverages the Node.js async functions to allow the developer to ditch the callback functions and to improve error handling. The first release dates back to 8th November 2013 and references the tag 0.0.2.

The integration of Approov within a Node.js Koa API server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app and implementing the Approov Token check in your Node.js Koa code couldn’t be easier because the token is a regular signed JWT. All you need is to use the auth0/node-jsonwebtoken package to check the expiry time and verify the signature with the secret known only by your Node.js Koa API server and the Approov cloud service.

To enhance the protection of your Node.js Koa API further, you can secure each request by using the Approov Token Binding advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.

Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current Node.js Koa project.

If you have any questions around why or how to use Approov in your Node.js Koa project, don’t hesitate to contact us.


Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should be always opt-out instead of opt-in and be treated as a first class citizen in the software development cycle, instead of an after thought when the product is about to be finished or released.