The AWS API Gateway platform aims to act as the front gate for APIs hosted in AWS, on premise, or even in other cloud services. The fully managed platform allows developers to create, publish, maintain, monitor and secure APIs at any scale.
The integration of Approov within the AWS API Gateway platform will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app. Implementing the Approov Token check in your AWS API Gateway platform couldn’t be easier because the token is a regular signed JWT. All you need is to use a lambda function as an authorizer on your API to check the Approov token expiry time and verify the signature with the secret known only by your AWS API Gateway platform and the Approov cloud service.
Please follow the Quickstart guide in the repo to learn how to integrate Approov into your current AWS API Gateway platform.
If you have any questions around why or how to use Approov in your AWS API Gateway platform project, don’t hesitate to contact us.