Approov API security solution is used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app.
hCaptcha is a popular service to determine if a browser is being operated by a human. It uses sophisticated machine learning models to tell humans and bots apart. This approach allows them to reduce the CAPTCHA friction for users and therefore improve the web experience. hCaptcha also provides further configuration options which extend the capabilities and/or customize behavior. For an overview of all enterprise level features, you should check out botstop.com.
The hCaptcha integration with Approov enables you to use the same simple token check for your backend API endpoints whether a request comes from your mobile or web app. After checking Approov token validity, the included claims can be used to differentiate between requests coming from the mobile or web channels and react differently when that is necessary. If required, the full response from the hCaptcha check can be embedded in the Approov token to be used by that logic.
Please follow the Quickstart guide on github to learn how to use hCaptcha with Approov in your web app.
If you have any other questions related to Approov, please don’t hesitate to contact us.
Cover Photo by Brett Jordan on Unsplash
Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should be always opt-out instead of opt-in and be treated as a first class citizen in the software development cycle, instead of an after thought when the product is about to be finished or released.
