
Approov Web Protection with FingerprintJS


Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps; however, we provide several integrations with third-party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app.

FingerprintJS provides a powerful mechanism for fingerprinting the browser environment of a user and deriving a visitor ID based on both the raw fingerprint and the history of prior visits for that user. This visitor ID can then be compared against a user identity in the backend system to determine if they match. If they do, then there is a high probability that it is indeed the correct user and operations can proceed. If not, then this may indicate an attempt at account takeover or simply that the user has moved to a different browser environment and/or device. In either case, additional verification steps should be introduced into the flow to protect the user’s account.

The FingerprintJS integration with Approov enables you to use the same simple token check for your backend API endpoints whether a request comes from your mobile or web app. After checking Approov token validity, the included claims can be used to differentiate between requests coming from the mobile or web channels and react differently when that is necessary. If required, the full response from the FingerprintJS check can be embedded in the Approov token to be used by that logic.

Please follow the Quickstart guide on GitHub to learn how to integrate FingerprintJS with Approov in your web app.

If you have any other questions related to Approov, please don’t hesitate to contact us.

Cover Photo by Immo Wegmann on Unsplash

 

Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should always be opt-out instead of opt-in and be treated as a first-class citizen in the software development cycle, instead of an afterthought when the product is about to be finished or released.