With the Trusted Session feature, Appdome verifies the authenticity of the SSL certificates received from the server, against a predefined set of Certificate Authority (CA) certificates, during a secure communication exchange.
SecureAPI™ allows the user to verify certificates for specific domains in different methods. Each Service Domain can be configured using * as a wildcard value to impact multiple domains.
The default behavior for a Service Domain on an app Built on Appdome is to validate with known CA certificates. Here are the SecureAPITM Schemes that can be configured with SecureAPITM :
- Chain Evaluation – allows uploading individual certificate files in either PEM or DER format or multiple files in a single ZIP. These certificates will be treated as CA certificates and will replace the default predefined CA certificates for the specific domain.
Appdome will pin this trusted CA certificates to the app, and use it for to the session validation to the specified domain.
- Strict Evaluation – allows uploading individual certificate files in either PEM or DER format or multiple files in a single ZIP. These certificates will be used to create a full certificate pinning with multiple certificates on all sessions. This means that any leaf certificate in a chain received from a server for the specific domain must match one of the certificates given in order to pass verification.
- No Pinning – certificate chains received for the specific domain will not be verified by Appdome and they will normally fall back to the OS’s default verification process.
Prerequisites for Using SecureAPITM
- Appdome account
- Appdome-DEV access
- Mobile App (.ipa for iOS, or .apk for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to Enforce SecureAPITM to Any Mobile App on Appdome
Follow these step-by-step instructions to enforce SecureAPITM:
Upload a Mobile App to Your Account
From the Build tab, go to the Security menu.
- Click Secure Communications to expend the bundle
- Click on the toggle to enable Trusted Session
- Expand SecureAPITM.
- Add a Pinning Profile.
- Enter a Service Domain.
- Select a Pinning Scheme.
- Add Certificate(s).
- If you want to add another Service Domain click Add Pinning Profile.
- Click Build My App.
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add SecureAPITM to the mobile app in seconds.
Congratulations! You now have a mobile app fully integrated with SecureAPITM.
What to do After I Build My App?
After you’ve Configured SecureAPITM to any mobile application on Appdome, there are a few additional steps needed to complete your mobile integration project.
Please view the article here on How to Complete My Mobile Integration Project After I Build My App.
That is it – Your applications now have the most comprehensive SecureAPITM configuration with Trusted Session.
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.