With Approov you control what can access your mobile app backend API in a secure and easily deployable manner. Our customers confidently allow API access from iOS and Android devices knowing that Approov will only authenticate legitimate instances of your mobile apps without relying on embedded secrets or keys stored in the app itself.
This capability prevents misuse of your API by either automated software agents or unauthorized third-party apps, providing the basis for a range of API access management policies.
APPROOV TOKEN PLUGIN
Learn how to integrate Approov in the Kong API Gateway by enabling the Approov Token check with the native Kong JWT plugin, and use this plugin to add the Approov Token Binding check.
NOTE: The Kong compatibility list of supported versions for the Approov Token plugin is not exhaustive, previous versions not listed may work, but are untested. Please contact us in case you need to integrate Approov with untested or incompatible Kong versions.
APPROOV QUICK START
For a quick start of integrating Approov in your current Kong API Gateway please follow this guide.
APPROOV DEMO
This demo has the goal of showing to both experienced and inexperienced Kong users how Approov can be integrated into the Kong API Gateway, and also includes the Approov Token Binding check, an advanced feature of Approov, that can be used to bind a user authentication token with the Approov token.
KONG ADMIN
In order to setup the Approov Token check in the quick start and in the demo we have used the Kong Admin API via curl requests, as in the official Kong docs.
Step by Step
Read the Step by Step guide to learn how to use the ./kong-admin helper script. This script wraps the curl requests for interacting with the Kong Admin API to setup the demo.
Deep Dive
Take the deep dive to learn how to use the Kong Admin API with raw curl requests and read the detailed explanations for each request.