Rapid Deployment

Mobile App Integration

Adding Approov to your iOS or Android app is easy. A wide range of platforms are supported using our Quickstarts. The quickstart and SDK handles all of the interactions with the cloud service and implements a networking interceptor model that automatically adds an Approov token or secured API key to the required API requests. Dynamic pinning is also implemented. The attestation process is managed automatically, refreshing as needed.

After mobile app integration, you register each app version with the Approov command line tool. This process analyzes the app and passes signature information to the Approov cloud service so that your app can be positively identified as a genuine app in the field. You then publish your app as normal. App signatures can be removed from the Approov service at any time, allowing tight control of which versions of your app can access your API.

Mobile App Quickstarts

Quickstart guides are provided for popular developer platforms below:

If your platform is not listed, see Direct SDK Integration or Contact Us.

Backend API Integration

Backend API integration is only necessary if you have your own API backend and are using Approov tokens. If you are using Approov to protect API keys using Runtime Secrets Protection then no backend API integration is needed at all.

Approov tokens are added to your API request headers, and your backend API systems need to be enhanced to verify these tokens. How you handle invalid or missing Approov tokens is up to you — you might reject the requests, rate limit the access, or enable additional security measures. Approov provides the flexibility to balance your security needs against API accessibility.

Token verification is straightforward because the tokens are in the industry standard JWT format. Your code just needs to make a library call to check that each token has been correctly signed for your account, and that it has not expired.