The integration will automatically add special Approov tokens to your API calls that will prove to a backend API that the call is really coming from your official app, and not anything else trying to spoof requests. You control what versions of the app are valid, and also what characteristics of the runtime environment are allowed. Approov has advanced detections for debugging, rooted and jailbroken devices, and the presence of certain frameworks that might be tampering with your app. You can choose to block apps running on such devices from receiving valid tokens. What’s more, the detections can be automatically updated over the air. Approov also adds full support for certificate pinning that you can manage without having to push a new version to the app store or forcing an update.
The Approov SDK is provided as a native library, with versions available for iOS and Android. You just need to download the latest versions and include the react-native-approov module that we provide. Simply add this module into your project in the normal way using yarn.
import approovFetch from './ApproovFetchSupport';
this.fetch = approovFetch;
This imports our interceptor for fetching and then causes all fetches to delegate to it. The Approov token header is added and certificate pinning checks instituted, before passing on the request to the standard fetch implementation. We even have an Axios version too if that is your preferred networking approach. Please let us know if there is any other networking library that you would like to see supported out of the box like this in the future.