
Approov Integration for Ruby on Rails Backends

 


Photo by Sugden Guy sugden on Unsplash

Ruby on Rails was created by David Heinemeier Hansson from the work he was doing on the code base for BaseCamp, and open sourced in 2004. Rails is a Model View Controller (MVC) framework with the aim of increasing developer productivity and happiness while encouraging the use of well-known software engineering patterns to drive the use of best practices in the software development life cycle.

The influence of Rails on other web frameworks can still be seen today in many programming languages, including Django in Python, Laravel in PHP, Play in Scala, more recently Phoenix in Elixir, and more.

The integration of Approov within a Ruby API server will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app and implementing the Approov Token check in your Ruby code. Implementing the check couldn’t be easier because the token is a regular signed JWT. All you need is to use the jwt/ruby-jwt package to check the expiry time and verify the signature with the secret known only by your Ruby API server and the Approov cloud service.

To enhance the protection of your API further, you can secure each request by using the Approov Token Binding advanced feature of Approov. This allows you to check the binding of a header in the request with the Approov token itself, for example, the user authentication header.
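The two checks described above (signature plus expiry, then token binding), as an added example that is not Approov's code or taken from the Quickstart guides. It does the verification with Ruby's standard library so it runs without gems; ruby-jwt's `JWT.decode` performs the same signature and expiry checks. Assumptions: the token is signed with HS256, the binding lives in a `pay` claim holding the Base64-encoded SHA-256 of the bound header value, and all function names and the sample secret are hypothetical.

```ruby
require 'openssl'
require 'base64'
require 'json'

SAMPLE_SECRET = 'constructed-sample-secret' # constructed; not a real Approov secret

def b64url_decode(segment)
  Base64.urlsafe_decode64(segment + '=' * ((4 - segment.length % 4) % 4))
end

# Constant-time comparison so a mismatch position is not leaked through timing.
def secure_equal?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hs256(secret, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret, data)
end

# Returns the claims Hash for a valid, unexpired token; nil for anything else.
def verify_approov_token(token, secret, now: Time.now.to_i)
  token = token.to_s
  head, body, sig = token.split('.', -1)
  return nil unless sig && token.count('.') == 2
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm: never let the token choose "none" or another alg.
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  return nil unless secure_equal?(hs256(secret, "#{head}.#{body}"), b64url_decode(sig))
  claims = JSON.parse(b64url_decode(body))
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Numeric) && claims['exp'] > now
  claims
rescue JSON::ParserError, ArgumentError, TypeError, EncodingError
  nil
end

# Token binding (assumption: 'pay' = Base64(SHA-256(bound header value))).
def binding_valid?(claims, header_value)
  return false unless claims['pay'].is_a?(String) && header_value.is_a?(String)
  secure_equal?(Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(header_value)), claims['pay'])
end

# Builds a constructed token for the demo; real tokens come from the Approov service.
def make_sample_token(claims, secret)
  enc = ->(bytes) { Base64.urlsafe_encode64(bytes, padding: false) }
  signed = "#{enc.call({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{enc.call(claims.to_json)}"
  "#{signed}.#{enc.call(hs256(secret, signed))}"
end
```

In a Rails controller both checks would run in a `before_action`, rejecting the request when either returns a falsy value.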

Please follow one of the Quickstart guides in the repo to learn how to integrate Approov into your current Ruby project.

If you have any questions around why or how to use Approov in your Ruby project, don’t hesitate to contact us.

 

 

Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should always be opt-out instead of opt-in and be treated as a first-class citizen in the software development cycle, instead of an afterthought when the product is about to be finished or released.