We're Hiring!

Approov Integration for Python FastAPI Backends


Python FastAPI framework’s first commit dates from 5th December 2018, followed by the first release on 25th December 2018. It was created by Sebastián Ramírez as a direct reflection of his several years of experience in creating APIs with complex requirements.

The FastAPI framework is the result of combining the best ideas and features of each of the many different frameworks, plug-ins and tools he used to make it easier to build suchs complex APIs. FastAPI aims to provide the best development experience possible for all developers and provides auto-generated interactive docs, in OpenAPI format, from the code written by the developer.

The integration of Approov within a Python FastAPI server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app. Implementing the Approov Token check in your Python code couldn’t be easier because the token is a regular signed JWT. All you need is to use the jpadilla/pyjwt package to check the expiry time and verify the signature with the secret known only by your Python FastAPI server and the Approov cloud service.

To enhance the protection of your Python FastAPI server further, you can secure each request by using the Approov Token Binding advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.

Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current Python FastAPI project.

If you have any questions around why or how to use Approov in your Python FastAPI project, don’t hesitate to contact us.


Photo by Chris Peeters from Pexels


Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should be always opt-out instead of opt-in and be treated as a first class citizen in the software development cycle, instead of an after thought when the product is about to be finished or released.