The Azure API Management Platform aims to be the front door to APIs hosted in Azure, on premises, or even in other clouds. The managed platform allows developers to secure, monitor, transform and maintain APIs published through it, using the Azure portal or the Azure CLI.
The integration of Approov within the Azure API Management Platform will ensure that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app. Implementing the Approov Token check in your Azure API Management Platform couldn’t be easier because the token is a regular signed JWT. All you need is to use a validate-jwt inbound policy to check the expiry time and verify the signature with the secret known only by your Azure API Management Platform and the Approov cloud service.
Please follow the Quickstart guide in the repo to learn how to integrate Approov into your current Azure API Management Platform.
If you have any questions around why or how to use Approov in your Azure API Management Platform project, don’t hesitate to contact us.
Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should be always opt-out instead of opt-in and be treated as a first class citizen in the software development cycle, instead of an after thought when the product is about to be finished or released.
