Can Approov help differentiate API calls made from my genuine app from an app that's impersonating mine by providing all the necessary headers and credentials?

Approov ensures only your own mobile apps—running in safe environments and communicating over secured connections—can use your APIs and backend resources.

Approov allows you to ensure that you only process API requests that come from genuine instances of your app. Specifically, you will be able to reject the following scenarios, all of which may be sending correct API protocol and valid credentials (username, password, API keys, etc.):

  1. Bots/scripts (no app present, spoofing API traffic).
  2. Modified or re-packaged versions of your published apps.
  3. 3rd party apps trying to access your backend (spoofing API traffic).