Approov
No search results...
F3: search down. SHIFT+F3: search up
(Latest: v3.0)
v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0

  • Installation
    • Setup
      • Requirements
      • Initializing the Approov CLI
      • Installation on Linux
      • Installation on MacOS
      • Installation on Windows
      • Installation using Brew
  • Reference Guide
    • Getting Started With Approov
      • Exploring Other Approov Features
      • Account Access Roles
      • Passwords
      • Installing on Another Machine
      • Account Access Recovery
      • Migrating to Account Access Roles
    • Approov Architecture
      • Key Components
      • Detection Capabilities
      • Security Rules Updates
      • Cloud Server Redundancy
    • Android SDK Integration
      • Getting the Android SDK
      • Importing the SDK into Android Studio
      • Targeting Android 11 and Above
      • Isolated Process Capability
      • Android Obfuscation
      • Use on Emulator
    • iOS SDK Integration
      • Getting the iOS SDK as an XCFramework
      • Importing the SDK into Xcode
      • Use on Simulator
      • Getting the iOS SDK as a Framework
      • Bitcode Mode Management
    • SDK Configuration
      • Getting the Initial SDK Configuration
      • Getting the Extended SDK Configuration
      • Handling Multiple Accounts
    • SDK Initialization
      • Reinitializing the SDK
    • SDK Fetch Operations
      • Fetch Status Handling
      • Fetch Latency
      • Attestation Response Code
      • Getting an Attestation Response Code
      • Rejection Reasons
    • Managing API Domains
      • Overview
      • Adding API Domains
      • Keyset Key API Addition
      • Adding No Approov Token Domains
      • Listing API Domains
      • Removing API Domains
      • Setting Wildcard Mode
      • Adding Demonstration Shapes API
    • Fetching Approov Tokens
      • Synchronous Token Fetching
      • Asynchronous Token Fetching
    • Managing Registrations
      • Android App Signing Certificates
      • iOS IPA Extraction
      • Registering an App
      • Android Registration Considerations
      • iOS Registration Considerations
      • Temporary Registrations
      • Updating Registration Expiry
      • Unversioned Registrations
      • Listing Registrations
      • Removing Registrations
      • Removing Multiple Registrations
      • Testing Android App Bundles
      • Annotating a Registration
      • Special Library Registration
      • Registration From Device
      • Registration Cloning
    • Approov Tokens
      • Token Format
      • JWS Token Signing
      • JWE Token Encryption
      • Token Lifespan
      • Token Claims
      • Obtaining Additional Token Information
      • Reporting Token Misuse
      • Checking Token Validity
      • Loggable Tokens
      • Long Lived Approov Tokens
      • IP Tracking Policy
      • Audience Inclusion
      • Issuer Inclusion
    • Backend Integration
      • Requirements
      • Account Secret Key Export
      • Account Secret Key JWK Export
      • Generating Example Tokens
      • Changing the Account Secret Key
      • Raw Account Secret Key
    • Public Key Pinning Configuration
      • Background
      • Static Pinning Issues
      • Approov Dynamic Pinning
      • Managed Trust Roots
      • Managing Pins
      • Pinning For New API Domains
      • Managing Domain Pins
      • Leaf Public Key Pin Extraction
      • Intermediate Public Key Pin Extraction
      • Certificate File Pin Extraction
      • Certificate Pins From a Device
      • Forcing Pin Application
      • Checking API Configuration
      • Getting All API Configuration
      • Setting All API Configuration
    • Public Key Pinning Implementation
      • Setting Pins
      • Reacting to Configuration Changes
      • Reacting to Force Apply Pins
      • Testing the Pinning Implementation
      • Continuous Pinning Testing
    • Security Policies
      • What is a Security Policy
      • Device Properties
      • Changing Security Policy
      • Rejection Policies
      • Custom Rejection Policies
      • Annotation Policies
      • Key IDs
    • Managing Devices
      • Extracting the Device ID
      • Device ID Stability
      • Adding a Device Security Policy
      • Labelling a Device
      • Setting Pinning Mode
      • Listing Your Devices
      • Removing Devices
      • Removing Multiple Devices
      • Banning a Device
      • Removing a Device Ban
      • Getting State of a Device
      • Clearing All Device State
    • Device Filters
      • Filtering Purpose
      • Getting Specific Device Information
      • Analyzing New Devices
      • Adding a Device Filter
      • Analyzing Filtered Devices
      • Regular Expression Filtering
      • Conjunction Filters
      • Listing Device Filters
      • Removing a Device Filter
      • Rejecting Filtered Devices
      • Banning Filtered Devices
      • Marking Filtered Devices as Risky
      • Custom Filtered Security Policy
      • Observing All Fetching Devices
      • Analyzing Captured Streams
    • Token Binding
      • Token Binding Concept
      • Setting the Binding
      • Generating Example Token with Binding
      • Backend Integration Impact
    • Apple DeviceCheck Integration
      • DeviceCheck Concept
      • Getting the DeviceCheck Key
      • Setting the DeviceCheck Key
      • Permanent Device Banning
      • Removing the DeviceCheck Key
      • Automatic Device Banning
    • Apple AppAttest Integration
      • AppAttest Status Flags
      • AppAttest Environment Setting
      • Enabling AppAttest
      • Getting AppAttest Status
      • Controlling AppAttest Assertion Rate
      • Rate Limiting AppAttest Attestations
      • Adding Apple Fraud Lookups
      • Setting Maximum Fraud Risk
    • Google SafetyNet Integration
      • How the SafetyNet Integration Works
      • Getting a SafetyNet API Key
      • Setting the SafetyNet API Key
      • Removing the SafetyNet API Key
      • App Build Requirements
      • Signing Certificate Integrity
      • Adjusting the SafetyNet API Quota
    • Secure Strings
      • Enabling Secure Strings
      • Managing Predefined Secure Strings
      • Fetching Predefined Secure Strings
      • App Instance Secure Strings
    • Custom JWTs
      • Enabling Custom JWTs
      • Fetching Custom JWTs
      • Custom JWT Key Set Usage
    • Web Protection Integration
      • Web Protection Flow
      • Implementing the Integrated Service Flow
        • Enable Web Protection for an API
        • FingerprintJS
          • FingerprintJS Signup and Setup
          • Configure Approov with a FingerprintJS Subscription
          • Call Approov Web Protection with FingerprintJS
          • Approov embed token claim for FingerprintJS
        • Google reCAPTCHA
          • reCAPTCHA Signup and Setup
          • Configure Approov with a reCAPTCHA Site
          • Call Approov Web Protection with reCAPTCHA
          • Approov embed token claim for reCAPTCHA
        • hCaptcha
          • hCaptcha Signup and Setup
          • Configure Approov with an hCaptcha Site
          • Call Approov Web Protection with hCaptcha
          • Approov embed token claim for hCaptcha
        • Web Protection Metrics Presentation
        • Web Protection Service Reference
          • Domains
          • Endpoints
          • Using Multiple Integrated Services to Protect Your API
          • Web Protection Token Binding
          • Troubleshooting Web Protection Errors
    • Managing Key Sets
      • Adding a New Key
      • Listing Keys
      • Removing Keys
      • Getting Public Key PEM
      • Getting Keyset JWKS
      • Importing Keys
    • Message Signing
      • Enabling Message Signing
      • Getting the Message Signing Key
      • Disabling Message Signing
      • Generating Message Signatures in the App
      • Checking Message Signatures in the Backend
    • Android Automated Launch Detection
    • Metrics Graphs
      • Grafana
      • Metrics Naming
        • Summary Metrics
        • Flag Metrics
        • App Metrics
        • SDK Metrics
        • Policy Metric
        • Filter Metrics
        • Web Protection Metrics
      • Live Metrics
      • Billing Usage
      • Hourly Metrics
      • Daily Metrics
      • Monthly Metrics
      • SDK Metrics
      • Exporting Data
    • Service Monitoring
      • Summary Emails
      • API Monitoring
      • Managing Alert Email
      • Managing Email Recipients
      • Setting Summary Frequency
      • Emergency Contact
      • Healthcheck Endpoint
    • User Management
      • Best Practice
      • User Roles
        • Admin Role
        • Delegate Role
        • Pentest Role
        • Automation Role
      • Adding New User Roles
      • Access Expiry Reminders
      • Listing User Roles
      • Revoking User Access
      • Resending Onboarding Emails
    • Automated Approov CLI Usage
      • Creating an Automation Management Token
      • Automation Setup on Linux
      • Automation Setup on MacOS
      • Automation Setup on Windows
      • Retrieving an Existing Automation Management Token
    • Offline Security Mode
      • Use Case
      • Operational Flow
      • Backend Integration
      • Remote Hardware Integration
      • Requesting a Baseline Measurement
      • Persisting the Measurement Configuration
      • Getting a Measurement Proof
  • Quickstart Integrations
    • Frontend Mobile App
    • Frontend Web Browser
    • Backend API
  • Trial Guide
    • How to Setup and Run a Successful Trial
      • Before You Start The Trial
      • Sign Up for an Approov Trial
      • Integrate Into Your App
      • Monitor Your API Traffic with Approov Metrics
      • Initializing the Approov CLI
      • Registering Apps
      • Adding APIs to be Protected
      • Integrate Into Your Backend
      • Deploying Blocking Protection
      • Test Your Platform
      • Advanced Features
  • Release Notes
    • Version 3.0
    • Version 2.9
    • Version 2.8
    • Version 2.7
    • Version 2.6.1
    • Version 2.6
    • Version 2.5
    • Version 2.4
    • Version 2.3
    • Version 2.2
    • Version 2.1
    • Version 2.0
    • Version 1.12
    • Version 1.11
    • Version 1.10
    • Version 1.9
    • Version 1.8
    • Version 1.7
    • Version 1.6
    • Version 1.5
    • Version 1.4
    • Version 1.2
    • Version 1.0
  • CLI Tool Reference
    • Overview
      • API Command
      • AppAttest Command
      • App Signing Certificates Command
      • Custom JWT Command
      • Device Command
      • DeviceCheck Command
      • Filter Command
      • Init Command
      • Keyset Command
      • Monitoring Command
      • Metrics Command
      • Password Command
      • Pin Command
      • Policy Command
      • Registration Command
      • Role Command
      • SafetyNet Command
      • SDK Command
      • Secret Command
      • Secure Strings Command
      • Support Command
      • Token Commands
      • Users Command
      • Web Command
      • Whoami Command
  • Mobile SDK Reference
    • Approov SDK Interface
      • Initialization
      • Configuration Fetching
      • Getting the Device ID
      • Pins Extraction
      • Pins JSON Extraction
      • Fetch Result
      • Synchronous Token Fetch
      • Asynchronous Token Fetch
      • Synchronous Secure String Fetch
      • Asynchronous Secure String Fetch
      • Synchronous Custom JWT Fetch
      • Asynchronous Custom JWT Fetch
      • Token Binding
      • Integrity Measurement Proof
      • Device Measurement Proof
      • Message Signing
      • Set User Property
      • Set Activity
  • Go-Live Checklist
    • Go Live Checklist
      • API Backend
        • 1. Token Check Integration
        • 2. Pinning Related
      • Mobile App
        • Production Release Process
        • For Direct SDK Integrations

© 2001-2022 CriticalBlue Ltd.

Home
Navigation

Installation

Approov installation documentation

Reference Guide

Step by step reference guide

Quickstart Integrations

Examples for mobile and backend platforms

Trial Guide

How to Setup and Run a Successful Trial

Release Notes

Release notes for all Approov versions

CLI Tool Reference

Reference for administrating your Approov service

Mobile SDK Reference

Reference for the mobile SDK interface

Go-Live Checklist

Things to check before going live with Approov in production