API Protection Requires Both User and App Authentication
As an API provider, you register and authenticate users and identify the app they are calling from, but is that enough to protect access and your revenue stream from malicious actors?
Whitelists and Indirection Go Together Like Chocolate and Peanut Butter
Android may have its treats, but for app and API security, whitelists and indirection used together are their own taste sensation.
The Problem with Pinning
Certificate pinning makes it impossible to eavesdrop on the contents of an app’s communications with its backend server. So why is it so rarely deployed?
Help Your Mobile API EcoSystem to Flourish
Your API and the service it provides do not exist in isolation. Without a wide ecosystem of apps connecting you to end users, your business will be missing opportunities for growth.
Hands On Mobile API Security: Pinning Client Connections
Add certificate pinning to your API Key Proxy to improve mobile security.