Approov Integration for the Tyk API Gateway

 

The Tyk API Gateway was born in 2014 as an open source enterprise API Gateway, with all batteries included and no feature lockout, supporting REST, GraphQL, TCP and gRPC protocols.

The integration of Approov within the Tyk API Gateway ensures that your API can only be accessed by genuine instances of your mobile app. Scripts and bots will be blocked. This is achieved by adding the Approov SDK to your mobile app.

Implementing the Approov token check in your Tyk API Gateway couldn’t be easier because the token is a regular signed JWT. All you need is the Approov Python plugin middleware, which checks the Approov token expiry time and verifies the signature with the secret known only by your Tyk instance and the Approov cloud service. The Approov middleware is executed early in the life cycle of a request, before any user authentication or API key check, so it does not conflict with your current setup.

The Approov token can also be verified via the Tyk JWT feature, but only on projects without an API key check or any JWT check (user authentication or other JWT verification), because Tyk doesn’t support multiple JWT and API key checks.
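The two checks described above (signature against a shared secret, then expiry), as an added example that is not the Approov plugin's own code. It assumes the token is signed with HS256 (HMAC-SHA256); the function names and the sample secret are hypothetical and constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def verify_token(token, secret, now=None):
    """Return the claims for a correctly signed, unexpired token, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server (assumed HS256); never let the header choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign_hs256(header_b64 + "." + payload_b64, secret)
        # Constant-time comparison, done before the payload is trusted.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # A token with no numeric expiry is rejected rather than treated as eternal.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    current = time.time() if now is None else now
    return claims if exp > current else None

def make_sample_token(secret, exp, alg="HS256"):
    # Constructed test input only; real tokens are issued by the Approov cloud service.
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"exp": exp}).encode())
    sig = b64url_encode(sign_hs256(header + "." + payload, secret))
    return f"{header}.{payload}.{sig}"

SAMPLE_SECRET = b"constructed-demo-secret"  # placeholder, not a real Approov secret
```

Any failure (bad structure, wrong algorithm, signature mismatch, missing or past expiry) returns `None`, so the caller has a single reject path.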

Please follow the Quickstart guide in the repo to learn how to integrate Approov into your current Tyk API Gateway project.

If you have any questions on why or how to use Approov in your Tyk project, don’t hesitate to contact us.

 

Cover Photo by Quang Nguyen Vinh from Pexels 

Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should always be opt-out instead of opt-in and be treated as a first-class citizen in the software development cycle, instead of an afterthought when the product is about to be finished or released.