How to Automate Single Tasks Using the Appdome REST API
This KB article describes how to use the Appdome-DEV REST API to automate mobile app security by building security features directly into mobile apps as part of your DevSecOps build process and CI/CD workflows.
We hope you find this knowledge base useful and enjoy using Appdome!
What is the Appdome-DEV REST API?
Appdome-DEV enables developers to automate mobile app security end-to-end. Using Appdome’s REST-API, developers can implement any Appdome feature programmatically using the REST-API. Each step can be implemented separately or as part of a continuous end-to-end workflow.
This article details the technical specifications of these API requests.
6 Easy Steps Automate Single Tasks Using the Appdome REST API
In order to use Appdome’s REST API, you’ll need:
- An Ideal Appdome account.
- Appdome-DEV license
- Your API Token (Learn how to get your API Token)
- Team API Key (If you’re building as part of an Appdome Team)
- A Fusion Set API KEY (Learn how to get Fusion Set API Key)
- Fusion Set API KEY for the App Team (If you’re building as part of an Appdome Team)
How to Build in a Team
You can run any command for any app and Fusion Set (mobile app security templates) in any of your Teams. Just add a URL encoded parameter with your Team API Key (make sure to use a Fusion Set API Key from your Team and not personal account). For example:
https://fusion.appdome.com/api/v1/<SINGLE_TASK_API_COMMAND>?team_id=<TEAM_API_KEY>
The task requests generally are sequential so each task uses an identifier from a previous task to complete. For instance, the Upload task returns an Application ID, which is then sent to the Build Task.
Uploading Apps using the Appdome REST API -Via Amazon server
The upload process holds 3 sequential API commands:
URL | https://fusion.appdome.com/api/v1/upload-link |
---|---|
Method | GET |
Content-Type | multipart/form-data |
Headers | Authorization: <API Token> |
API Description | Provides an upload link from Amazon server and matches the unique file ID. Note that the link will expire after the retrieved expiration time.(when uploading an app into a team – add the team ID as a parameter) |
CURL Example |
|
Response Format |
|
URL | The retrieved upload link to the Amazon server from the previous command output |
---|---|
Method | PUT |
Content-Type | data binary |
Payload | App binary file (APK or IPA or AAB) |
API Description | It allows you to upload an app to the Amazon server. |
CURL Example |
|
Response Format |
|
URL | https://fusion.appdome.com/api/v1/upload-using-link |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload | (in form format:)
|
API Description | It allows you to upload the app from the Amazon server into Appdome.
(when uploading an app into a team – add the team ID as a parameter) |
CURL Example |
|
Response Format |
|
Uploading Apps using the Appdome REST API – Via Appdome server
URL | https://fusion.appdome.com/api/v1/upload |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload | file: file multipart content |
API Description | It allows you to upload an app to Appdome. |
CURL Example |
App Team:
|
Response Format |
|
Building Apps using the Appdome REST API
After uploading your app and getting the Application ID, you can now build it using an existing Fusion Set.
URL | https://fusion.appdome.com/api/v1/tasks |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload Format | (in form format:)
|
API Description | It allows you to fuse a mobile app. |
CURL Example |
|
Response Format |
|
When you have to renew your API Token to complete builds:
- curl -X POST -H “Authorization:$TOKEN” https://fusion.appdome.com/api/v1/refreshApiToken
The available overrides for the Build task are:
Key | Name in Appdome | Value | Notes |
user_agent |
User Agent Customization | Boolean | Must use with user_agent_value |
user_agent_value |
User-Agent Header | String | |
|
Pre-Authentication URL | String of up to 1024 characters | Only if BlackBerry PreAuth is turned on in Fusion Set |
plugin_good_app_version |
GD Entitlement Version | String of up to 250 characters | |
plugin_good_app_id |
GD Entitlement ID | String of up to 128 characters | |
extended_logs |
Diagnostic Logs | Boolean | Only if enabled for the user. |
extended_logs_gesture_via_http |
Tap to upload logs(iOS)/ Shake to upload logs(Android) | Boolean | Must use with extended _logs . |
extended_logs_gesture_via_external_app |
Tap to email logs(iOS)/ Shake to email logs(Android) | Boolean | Must use with extended _logs . |
anti_pharming_url_list |
URL List | Array of Strings | Only if URL Whitelisting is turned on in Fusion Set |
Adding Context to Apps using the Appdome REST API
After Building your app, you can add context with the pre-configured settings of your selected Fusion Set in the previous step.
URL | https://fusion.appdome.com/api/v1/tasks |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload Format | (in form format:)
|
API Description | It allows you to add context to a mobile app. |
CURL Example |
|
Response Format |
|
The available overrides for the Context task are:
Key | Name in Appdome | Value | Notes | |
icon_overlay |
Add Favicon | Boolean | Must use with icon_overlay_scale, icon_overlay_position, icon_overlay_filename
Must also add Form data |
|
icon_overlay_scale |
Scale | Number between 20 and 50 | ||
icon_overlay_position |
Favicon Position | ‘Top Right’, ‘Top Left’, ‘Bottom Right’, ‘Bottom Left’ | ||
customize_url_enable |
Private URL | Boolean | Must use with customize_url_value, customize_url_key . |
|
customize_url_value |
Private URL Value | String | ||
should_copy_url_to_clipboard |
Copy URL to Clipboard | Boolean | Must use with . |
|
customize_url_key |
Private URL Identifier | String | ||
app_customization_pack_bundle_version |
App Version | String | ||
app_customization_pack_bundle_identifier |
App Bundle ID | String | ||
app_customization_pack_bundle_display_name |
App Display Name | String | ||
app_customization_pack_bundle_build_number |
App Version Code | Number | ||
app_customization_key_value_list |
Custom Values | JSON | LifeCycle, Context file size should not exceed 1MB |
Signing Apps using the Appdome REST API
Using the Appdome REST API, you have 3 different choices to sign your apps:
- Automatic Signing (Android, iOS) – If you saved your signing credentials in the Fusion Set, you can use this command to sign the app automatically, and receive a signed binary.
- Private Signing (Android, iOS) – If you want to seal the app, download a non-signed binary and sign it locally.
- Auto-DEV private Signing (Android, iOS) – The app is sealed and wrapped in a signing script, which you can run to automatically sign the app locally (without uploading the certificates to the platform).
The API request for all the signing tasks are identical, only the action needs to be changed.
- For Automatic Signing use sign
- For Private Signing use seal
- For Auto-DEV Private Signing use sign_script
NOTE: When signing Android apps using Private Signing or Auto-DEV Signing, please add the certificate SHA-1 fingerprint as an override: overrides={"signing_sha1_fingerprint":""}
Example:
‘overrides={“signing_sha1_fingerprint”:”6B:D1:79:F9:5F:7B:BE:64:A3:A5:DC:59:B6:62:E8:67:4F:44:0D:54″}’
or
‘overrides={“signing_sha1_fingerprint”:”6BD179F95F7BBE64A3A5DC59B662E8674F440D54″}’
NOTE: When signing iOS apps, always add the Form data -F provisioning_profile=@<path/to/file>
For multiple provisioning profiles, add the above line for each profile.
URL | https://fusion.appdome.com/api/v1/tasks |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload Format | (in form format:)
//For Android:
//For iOS
//For iOS when adding entitlements file
|
API Description | Allows you to sign a mobile app. |
CURL Example Sign |
|
CURL Example
Private Sign |
|
Response Format | { "task_id": ID of the created fuse task } |
Available overrides for the Signing Task:
Key | Name in Appdome | Value | Notes |
signing_keystore_use_google_signing |
Use Google Play App Signing | Boolean | Must use with signing_keystore_google_signing_sha1_key |
signing_keystore_google_signing_sha1_key |
App Signing Certificate SHA-1 or SHA-256 | String |
Getting the Status of a Task
You can send a GET request to check the status of a task (of the same user). The Task ID is sent in the URL:
URL | https://fusion.appdome.com/api/v1/tasks/<task_id>/status |
---|---|
Method | GET |
Headers | Authorization:<API Token> |
API Description | Allows you to get the status of a task by ID |
CURL Example |
|
Response Format |
|
Download Appdome’s Certified Secure Certificate (PDF)
You can send a GET request to download Appdome’s Certified Secure certificate (PDF file) of your secured app.
URL | https://fusion.appdome.com/api/v1/tasks/<parent_task_id>/certificate |
---|---|
Method | GET |
Headers | Authorization:<API Token> |
API Description | Download Appdome’s Certified Secure certificate (PDF file) of your secured app, identified by its task ID |
CURL Example |
|
Response Format | The Certified Secure certificate PDF file |
Download Appdome’s Certified Secure Certificate (JSON file)
You can send a GET request to download Appdome Certified Secure (JSON file) of your secured app.
URL | https://fusion.appdome.com/api/v1/tasks/<parent_task_id>/certificate-json |
---|---|
Method | GET |
Headers | Authorization:<API Token> |
API Description | Download Appdome’s secured certificate (JSON file) of your secured app, identified by its task ID |
CURL Example |
|
Response Format | The Certified Secure certificate JSON file |
How to Validate the Certified Secure Certificate
You can send a POST request to verify the Certified Secure certificate for the secured app.
URL | https://fusion.appdome.com/api/v1/verify-certificate |
---|---|
Method | POST |
Content-Type | multipart/form-data |
Headers | Authorization:<API Token> |
Payload Format | (in form format:)
|
API Description | Verify the Certified Secure certificate for the secured app |
CURL Example |
|
Response Format |
|
Download and Deploy Apps using the Appdome REST API
Once your app is signed or sealed, you can download your secured app using the Download GET request. The Task ID is sent in the URL:
URL | https://fusion.appdome.com/api/v1/tasks/<task_id>/output |
---|---|
Method | GET |
Headers | Authorization:<API Token> |
API Description | Allows you to get the download an Appdome-built app. |
CURL Example |
|
Response Format | Binary file |
If you used Automatic Signing, you can also automatically deploy the app using the API. First, make sure you configure the automatic deployment parameters in the Deploy page on the Platform.
To send a deployment request for any type of deployment, other the Apple’s Appstore, use this API request:
URL | https://fusion.appdome.com/api/v1/tasks |
---|---|
Method | POST |
Content-Type | application/json |
Headers | Authorization:<API Token> |
Payload Format | {
|
API Description | Allows you to deploy an Appdome-build (Automatically signed) mobile app |
CURL Example |
|
Response Format |
The JSON response from the relevant store |
To deploy your app to Apple’s Appstore, due to Apple’s requirements, you can download a script that will perform this from your Mac, using this API. The Task ID is sent in the URL:
URL | https://fusion.appdome.com/api/v1/tasks/<task_id>/deploy_script |
---|---|
Method | GET |
Content-Type | application/json |
Headers | Authorization:<API Token> |
API Description | It allows you to download a script for deploying apps to the Appstore. |
CURL Example |
|
Response Format | A bash script for deploying an app to the App Store. |
How To Learn More
Check out Appdome Platform, or learn more about Appdome-DEV REST API and Appdome-DEV.
You can also use our API requests Postman Collection.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.