
Approov Blog

Hands on Mobile API Security: Pinning Client Connections

May 31, 2017

Add TLS and Certificate Pinning While Removing Client Secrets

The Hands On Mobile API Security: Get Rid of Client Secrets tutorial demonstrates how to improve API security by removing vulnerable API secrets from mobile apps. In the tutorial, you work with a simple photo client which requires an API key to access NASA’s picture of the day service. An API Proxy, introduced between your client and the picture service, removes the need for storing and protecting the API key on the client itself.

Hands on Mobile API Security - Using a Proxy to Protect API Keys

May 11, 2017

Editor's note: This post was originally published in May 2017 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2022.

API keys and other secrets poorly hidden inside mobile apps are a common source of mobile insecurity. You can do much better. In this tutorial, you will work with a simple Android mobile app which uses an API key to access the NASA picture of the day service. An API Reverse Proxy introduced between your mobile app and the NASA picture service will remove the need for storing and protecting the API key on the mobile app itself. In addition to improved API security, this approach offers some benefits in manageability and scalability. Alternatively, you may choose the approach discussed in the Runtime Secrets Protection article, which doesn’t require any API backend work to be done, a significant positive if you don’t have a backend team immediately available and need a solution ASAP.

Digital Healthcare: MU3 and API Security

March 10, 2017

There is a revolution underway in healthcare in the USA. At its heart is MU3, Meaningful Use Stage 3 of the Electronic Health Record incentive program. One of the goals of this program is to empower patients and give them greater access to their medical records. Healthcare providers will have a legal responsibility to allow patients to access their data, and they also have a responsibility to ensure the security of the data they provide. They have to walk a fine line between ease of access and security, and they have to do it by 2018.

API Lockdown Without the Lockout

December 6, 2016

When retrofitting an API change to an app which already has an existing install base, care must be taken to handle the transition with minimal disruption to customers.