Add a Unique Shared Secret To Any Mobile App Client Requests

Shared Secret is a service allows you to specify a secret that will be embedded by Appdome in each client request. This secret will be verified by the application backend server and as a result, will identify the valid fused app.

This Knowledge-base article provides step-by-step instructions for using Appdome to add “Shared Secret” to any Android and iOS mobile app.

About Appdome Shared Secret

While Appdome verifies the authenticity of the SSL certificates received from the server against a predefined set of Certificate Authority (CA) certificates with the Trusted Session feature, the Shared Secret feature validates the client app against the backend server. By specifying a unique secret that will be included in the header of every URL request made by the application, this service allows the backend server to identify the fused app and verify its validity. All traffic to the backend server without the shared secret will be blocked.

Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using Appdome’s simple ‘click to integrate’ user interface, the Appdome platform enables anyone (developers or non-developers) to easily add shared secret to any iOS or Android app – instantly, without source code or development.

Using Appdome, there is no development or coding required. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Users merely upload mobile apps, select the shared secret service and click “Build My App.” The Appdome technology adds shared secret and more to the app automatically, with no manual development work at all.

The Android App Bundle lets you more easily deliver a great experience in smaller app size, by creating “splits”, allowing the play store the ability to tailor fit the app to the phone it’s being installed on, Downloading only the relevant resources.

Prerequisites for Using Appdome Shared Secret

In order to use Appdome’s no code implementation of the shared secret, you’ll need:

  • In order to use Appdome’s no code implementation of whatever, you’ll need:
  • Appdome account
  • Mobile application (.ipa for iOS, or .apk or .aab for Android)
  • The desired secret text
  • Signing Credentials (e.g., signing certificates and provisioning profile)
  • Pre-configured backend server to only allow client requests with this specific shared secret. For example, iRule in F5 Silverline server.

How to Add Shared Secret in Any Mobile App on Appdome

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.

If you don’t have an Appdome account, click here to create an account.

Select the Build Tab. Beneath the Build Tab, select Security.
Expand the sub-category Secure Communication

  1. Enable or toggle “ON” Shared Secret
  2. Enter a unique text that comprises your secret
  3. (Optional) specify a name for the signature header (e.g. X-MYCOMPANY-SIGNATURE).
  4. (optional) to encrypt the Shared Secret – Expand the sub-category TOTALData™ Encryption under the Build tab and enable “Data at Rest Encryption”
  5. Click Build My App

The technology behind Add Context to My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to customize your mobile app in seconds. For example, adding a shared secret in every URL made by the application.

Congratulations! When Appdome completes your requested integration, you’ll see the notice below. You now have a mobile app fully integrated with a shared secret

After Adding Shared Secret to a Mobile App on Appdome

After you have added a shared secret to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project. Read this Knowledge Base article to learn what to do after you successfully build an app. It explains both optional steps and required steps.

Sign your Appdome Built AAB app (Required)

In order to deploy an Appdome-Built AAB app, it must be signed. Appdome allows you to choose from the following options:

For more information on how to upload your signing credentials to Google and enroll your AAB app please review this knowledge base article.

Signature – The Built app need to be resigned, it is required because Appdome changes the app content.

That’s it – Enjoy Appdome User Agent in your app!

How Do I Learn More?

To learn more about how you can add security to any mobile app, visit the Appdome Mobile Security  on our website.

You can request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror

Have a question?

Ask an expert

LironMaking your security project a success!