Approov Blog
API Keys

The Rise of Super Apps: Challenges & Opportunities in Mobile Security

November 9, 2023

In recent years, the tech world has witnessed a significant shift towards what are known as "super apps." These mobile applications have become increasingly popular, offering a plethora of services within a single, convenient platform. While they present numerous opportunities for users and businesses, they also bring forth a set of unique challenges, particularly in the realm of mobile security.

Is Code Obfuscation Worth it?

April 10, 2023

As a developer once said… It depends!!! In a nutshell, it depends on what is motivating you to use obfuscation in the first place. If you plan to use only code obfuscation as a security measure then you may end up with a Maginot Line on your security defences.

Do You Want to Know a Secret? Just Take a Look Inside Top Finance Apps

March 7, 2023

Financial apps have access to valuable and sensitive personal data, so you would think mobile app security would be top-of-mind for financial institutions. But is it?

ChatGPT and API Security

February 3, 2023

First of all, this blog was written by a human being! Now that that's out of the way, let's get onto our main topic for today which is to take a look at ChatGPT and use it to understand some key aspects of mobile security.

Can I Share My API Key?

November 28, 2022

An API key is a token provided by a client when making API calls. It is used to authenticate and authorize access to specific resources. In this article, we answer the question, "Can I share my API key?" and provide some guidance on when it is appropriate to do so.

Is API Authentication Secure?

August 23, 2022

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization which is about proving that whoever is trying to access data via the API has the right to access that data. In this article we’ll discuss the main API authentication methods (HTTP basic authentication, API Keys and OAuth2) and whether they provide sufficient protection for your APIs.

Why Should You Keep Your API Key Secure?

July 12, 2022

Attacks against APIs are increasing and API key protection is central to minimizing your business risks. In this article we’ll look at what your exposures are and what you should do about them.

Hands-on Mobile App and API Security - Runtime Secrets Protection

July 4, 2022

In a previous article we saw how to protect API keys by using Mobile App Attestation and delegating the API requests to a Proxy. This blog post will cover the situation where you can’t delegate the API requests to the Proxy, but where you want to remove the API keys (secrets) from being hard-coded in your mobile app to mitigate against the use of static binary analysis and/or runtime instrumentation techniques to extract those secrets.

How Should API Keys be Stored?

June 27, 2022

Mobile app developers keep hearing that they shouldn’t store API keys in their app code but they don’t hear where they should store them. In this article we discuss the topic and provide some practical solutions.

How to Prevent API Abuse

May 27, 2022

API abuse, when the API is used in an unexpected way, is a growing problem in software development and one of the leading attack vectors cybercriminals exploit. According to a recent security research report that surveyed more than 200 enterprise security professionals, there was a 21.32% growth in malicious API call volume between December 2020 and December 2021. The same study also established that 95% of respondents had suffered an API security incident in the past year.