Secure API Authentication

Securing Your APIs

Only apps that have been registered with the Approov service and which meet the runtime environmental criteria are issued with valid Approov tokens. If an app is issued with an invalid token it cannot access your protected API services.

Industry standard signed JSON Web Tokens (JWT) make checking easy since they are supported by a wide range of server and API management technologies. They have a very short lifetime of minutes and are signed with keys that are never contained within the app itself, so it cannot be extracted.

Approov Backend Options

Learn How Approov Authenticates Your App

Approov performs a deep inspection of your mobile app and the device it is running upon before it will issue valid Approov tokens or API keys to them. Use integrity verification rather than obfuscation to truly eliminate secrets from your app.

Securing API Keys

Use Approov to protect access to 3rd party APIs which use API keys for access. Remove hardcoded API keys from your app. These can be migrated into the Approov cloud and only transmitted to app instances that pass the attestation checks, securing them against attackers and also allowing them to be changed without app updates.

The keys are then transmitted to the appropriate backend APIs automatically to enable secure access.

Talk to a Security Expert

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

Talk to an Expert
Approov Consultation