Since 2001, Approov has been providing mobile app protection and mobile API security for apps on Android, iOS, and HarmonyOS.
Here, you'll find open source quickstarts, SDK examples, service layers, and more to help you learn how to integrate Approov into your mobile apps.
Approov helps teams protect APIs from:
- fake or repackaged mobile apps
- bots and scripted API abuse, such as app scraping
- stolen API keys and embedded secrets
- man-in-the-middle attacks
- unauthorized clients calling mobile APIs directly
- compromised or risky runtime environments
Approov verifies that API requests come from genuine, untampered mobile apps running in trusted environments. Verified apps receive short-lived Approov tokens or runtime secrets that backend services can validate before allowing API access.
How we do it:
- Mobile app attestation
- Runtime Application Self Protection, or RASP
- Mobile API protection
- Runtime secrets protection
- Dynamic certificate pinning
- Token binding and JWT validation
- Real-time mobile threat intelligence
- shipfast-api-protection — practical mobile API security walkthrough
- react-native-cert-pinner — certificate pinning for React Native
- quickstart-react-native — Approov integration for React Native apps
- quickstart-flutter-httpclient — Approov integration for Flutter mobile apps
- approov-service-okhttp — Android service layer for OkHttp
- approov-service-urlsession — iOS service layer for URLSession
| Platform or framework | Example repositories |
|---|---|
| Android | Android Java HttpsUrlConnection, Kotlin OkHttp, Kotlin Retrofit, Java Volley |
| iOS | Objective-C, Swift URLSession, Swift Alamofire, WebView |
| Cross-platform | React Native, Flutter Httpclient, Cordova, Unity |
Approov service layers are wrappers for the Approov SDK to enable easy integration with your build.
Some popular examples include: React Native, URL Session, OK Http, Volley, Retrofit, Android WebView, Https Url Connection, Moya, Alamofire, and many more!
Our service layers are all open source. If you're looking for one in particular, you'll find them all when searching our organization on GitHub.
Use these examples to validate Approov tokens before allowing traffic to reach protected APIs.
| Backend or gateway | Example repositories |
|---|---|
| Node.js | Express and General token checks |
| Python | Flask and FastAPI token check examples |
| PHP | Laravel and generic PHP token checks |
| Azure | Azure Functions and API Management |
- Developer docs: https://approov.io/docs/
- Quickstarts: https://approov.io/resource/quickstarts/
- Changelog: https://approov.io/changelog
- Blog: https://blog.approov.io/
- Free trial: https://approov.io/signup/
| Repository | Use case |
|---|---|
| shipfast-api-protection | Walkthrough of API keys, static HMAC, dynamic HMAC, dynamic certificate pinning, and mobile app attestation |
| hands-on-api-proxy | Learn how to remove API keys and secrets from mobile apps using an API proxy |