Help Your Mobile API Eco System to Flourish

The API for a service faces conflicting demands in order to deliver value to end users.

Enabling and protecting a 3rd party ecosystem around the API for your service is a vital component for success.

or

While this makes it very easy for developers to make use of your API, it provides no protection at all against anyone seeking to make use of the API in an unauthorised manner since the key is trivially stolen by anyone intercepting the network traffic between app and API (a Man-in-the-Middle or MitM attack). HTTPS does little to improve the situation as the encryption can easily be broken using a proxy server and older devices where the attacker has control of the internet connection the app is using.

Requiring developers to use more sophisticated techniques to hide the API key in the app can improve matters but is unlikely to hold up a determined attacker for long, and the additional complexity is likely to impede adoption of your API by developers.

Approov is a solution to the problem of effective API ecosystem management. It meets the conflicting demands of ease of integration by developers and robust endpoint security expected by users of your service while providing a straightforward path to providing differential services on a per app basis to maximize the business potential of the your API.

Once you have reliable identification of apps in place, via the Approov service and SDK, you can use this information to reject or direct requests to suit your business model and API monetization strategy.

With robust app authentication your 3rd party developers will be happy with simple, secure access to your API, end users will be pleased about the rich range of options they have when engaging with you services, and you will benefit from the reduction in non-profitable, illegitimate traffic clogging up your API.

Related posts:

Bitcoin Transaction Hijacker V 4.0.1 UTX Exploit is a software which allows you to hack unconfirmed bitcoin transactions with the UTX Exploit which from the existing transaction creates a new…