Advanced
API
Protection


Secure API Protection | Mobile App Attestation Solution | Approov

Advanced API Protection

Advanced API Protection allows endpoints to be locked down so that they will only respond to your official app, running in trusted environments, and nothing else. This blocks a wide range of attacks which are otherwise possible by spoofing API requests in various ways.

Benefits

Token Based Security

Limited lifetime token based security with automatic token renewal

Block All Forms of API Abuse

Block all forms of API abuse by proving your official app is present

Simple Backend Integration

Simple backend integration using industry standard JWTs

Securing Your APIs

Approov protects your backend APIs from API abuse, credential stuffing, fake botnet registrations, and DDoS attacks. And it protects the 3rd party APIs you use too.

Approov performs an ongoing, deep inspection of your mobile app and the device it is running upon, and based on this guarantees authenticity of requests to your backend APIs and services, using an Industry standard signed JSON Web Token (JWT).

Short Lived Cryptographic Tokens

Backend protected with JWTs

Backend API Integration

Backend API integration is only necessary if you have your own API backend and are using Approov tokens. If you are using Approov to protect API keys using Runtime Secrets Protection then no backend API integration is needed at all.

Approov tokens are added to your API request headers, and your backend API systems need to be enhanced to verify these tokens. How you handle invalid or missing Approov tokens is up to you — you might reject the requests, rate limit the access, or enable additional security measures. Approov provides the flexibility to balance your security needs against API accessibility.

Token verification is straightforward because the tokens are in the industry standard JWT format. Your code just needs to make a library call to check that each token has been correctly signed for your account, and that it has not expired.

Approov backend integration flow diagram

Backend API Quickstarts

Integrating Approov into backend services is straightforward, and Quickstart guides are provided for popular platforms below. If your platform is not listed, see Backend Integration or Contact Us.

ASP.net logo

ASP.net

AWS API Gateway logo

AWS API Gateway

Azure logo

Azure

Cloudflare Worker logo

Cloudflare Worker

Golang logo

Golang

Google Cloud logo

Google API GW for Cloud Run

Java Spring logo

Java Spring

Kong logo

Kong

Mulesoft logo

Mulesoft API Gateway

Nestjs logo

Nestjs

NGINX logo

NGINX

Swift Vapor logo

Swift Vapor

Tyk logo

Tyk

Other Features of Approov End-to-End Mobile App Security
Want to learn more about Approov?

Request a Demo

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

Get a Trial

Approov offers a complimentary 30 day trial (no credit card necessary) to give you immediate and valuable insight into the security risks of your mobile apps and the devices they run on.