
Approov Integration for Python Django Backends


The Python Django framework was created in the last quarter of 2003 by Adrian Holovaty and Simon Willison when they were working as Python developers at the Lawrence Journal-World newspaper, although it was only released in July 2005.

The Django framework also gained contributions from Jacob Kaplan-Moss, who was hired before Simon's internship ended. The framework was named after Django Reinhardt, the famous guitarist. Django was created with the goal of making it easy to code complex database-driven websites, and it strongly adheres to the programming principle of DRY (don’t repeat yourself) by emphasizing reusability. It makes it easy to plug components together and allows the automatic creation of an administrative CRUD (create, read, update, delete) interface through code introspection.

The integration of Approov within a Python Django API server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app and implementing the Approov token check in your Python code. The check couldn’t be easier because the token is a regular signed JWT. All you need is the jpadilla/pyjwt package to check the expiry time and verify the signature with the secret known only by your Python Django API server and the Approov cloud service.

To enhance the protection of your Python Django API further, you can secure each request by using Approov Token Binding, an advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.
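The token check and the binding check described above, as an added example that is not code from Approov or its Quickstart guides. It assumes HS256 signing and that the binding is carried in a `pay` claim holding the base64-encoded SHA-256 of the bound header value; the secret, header value and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

import jwt  # PyJWT (jpadilla/pyjwt)

# Constructed sample secret; the real one is shared only with the Approov cloud service.
SAMPLE_SECRET = b"constructed-sample-secret-0123456789abcdef"


def binding_hash(header_value):
    """Base64 of SHA-256 over the bound header value (assumed binding format)."""
    digest = hashlib.sha256(header_value.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_approov_token(token, secret, bound_header=None):
    """Return the claims if the token is valid, otherwise None.

    bound_header is the value of the request header the token should be bound
    to (for example Authorization); pass None to skip the binding check.
    """
    try:
        claims = jwt.decode(
            token,
            secret,
            algorithms=["HS256"],          # pin the algorithm, never trust the token's "alg"
            options={"require": ["exp"]},  # a token without an expiry is rejected
        )
    except jwt.InvalidTokenError:
        # Bad signature, expired token, missing exp or malformed token.
        return None
    if bound_header is not None:
        expected = binding_hash(bound_header).encode("ascii")
        # Assumption: the binding travels in the "pay" claim.
        presented = str(claims.get("pay", "")).encode("utf-8")
        if not hmac.compare_digest(presented, expected):
            return None
    return claims


def make_sample_token(secret, bound_header, lifetime=300):
    """Build a constructed token for the demo; real tokens come from the Approov cloud service."""
    payload = {"exp": int(time.time()) + lifetime, "pay": binding_hash(bound_header)}
    return jwt.encode(payload, secret, algorithm="HS256")
```

In a Django project this function would be called from a middleware or view, with the token and the bound header read from the incoming request and the request rejected when it returns None.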

Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current Python Django project.

If you have any questions around why or how to use Approov in your Python Django project, don’t hesitate to contact us.



Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should always be opt-out instead of opt-in and be treated as a first-class citizen in the software development cycle, instead of an afterthought when the product is about to be finished or released.