How to use SecureAPI™

With the Trusted Session feature, Appdome verifies the authenticity of the SSL certificates received from the server against a predefined set of Certificate Authority (CA) certificates during a secure communication exchange.

SecureAPI™ lets the user choose how certificates are verified for specific domains. Each Service Domain can be configured using * as a wildcard value so that one profile applies to multiple domains.
The default behavior for a Service Domain in an app built on Appdome is to validate against known CA certificates. The following SecureAPI™ schemes can be configured:

  1. Chain Evaluation – allows uploading individual certificate files in either PEM or DER format or multiple files in a single ZIP. These certificates will be treated as CA certificates and will replace the default predefined CA certificates for the specific domain.
    Appdome will pin these trusted CA certificates to the app and use them for session validation to the specified domain.
  2. Strict Evaluation – allows uploading individual certificate files in either PEM or DER format or multiple files in a single ZIP. These certificates will be used to create a full certificate pinning with multiple certificates on all sessions. This means that any leaf certificate in a chain received from a server for the specific domain must match one of the certificates given in order to pass verification.
  3. No Pinning – certificate chains received for the specific domain will not be verified by Appdome and they will normally fall back to the OS’s default verification process.
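
The following added example (not Appdome's code) models how the three schemes above decide a connection, including the Strict Evaluation case where a pinned certificate appears in the chain but the leaf itself is not pinned. The profile layout, first-match ordering, fnmatch-style wildcard matching, SHA-256 pins and `example.com` hosts are assumptions, and the certificate bytes are constructed stand-ins.

```python
import base64
import hashlib
import re
from fnmatch import fnmatchcase

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(cert: bytes) -> bytes:
    """Normalise an uploaded certificate (PEM or DER) to DER bytes."""
    m = PEM_RE.search(cert)
    return base64.b64decode(m.group(1)) if m else cert

def pin(cert: bytes) -> str:
    """SHA-256 over the DER encoding, so PEM and DER uploads give the same pin."""
    return hashlib.sha256(to_der(cert)).hexdigest()

def select_profile(host: str, profiles: list) -> dict:
    """First profile whose Service Domain pattern matches (ordering is an assumption)."""
    for p in profiles:
        if fnmatchcase(host.lower(), p["domain"].lower()):
            return p
    return {"domain": host, "scheme": "default", "certs": []}

def evaluate(host: str, chain: list, profiles: list) -> str:
    """chain[0] is the server's leaf certificate, followed by intermediates."""
    p = select_profile(host, profiles)
    if p["scheme"] == "strict":  # only the leaf is compared against the pins
        pins = {pin(c) for c in p["certs"]}
        return "pass" if chain and pin(chain[0]) in pins else "fail"
    if p["scheme"] == "chain":  # path validation itself is left to the TLS stack
        return "validate-against-uploaded-cas"
    if p["scheme"] == "none":
        return "os-default-verification"
    return "validate-against-known-cas"

# Constructed stand-ins for DER certificates (opaque bytes, not real X.509).
LEAF, ROTATED_LEAF, INTERMEDIATE = b"\x30\x82leaf-A", b"\x30\x82leaf-B", b"\x30\x82int-CA"
LEAF_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(LEAF)
            + b"-----END CERTIFICATE-----\n")
PROFILES = [
    {"domain": "api.example.com", "scheme": "strict", "certs": [LEAF_PEM, INTERMEDIATE]},
    {"domain": "*.example.com", "scheme": "chain", "certs": [INTERMEDIATE]},
    {"domain": "cdn.example.net", "scheme": "none", "certs": []},
]

if __name__ == "__main__":
    for host, leaf in [("api.example.com", LEAF), ("api.example.com", ROTATED_LEAF),
                       ("img.example.com", LEAF), ("cdn.example.net", LEAF)]:
        print(host, "->", evaluate(host, [leaf, INTERMEDIATE], PROFILES))
```

The rotated leaf fails under the strict profile even though the pinned intermediate is still in the chain, which is why a Strict Evaluation profile needs the replacement leaf uploaded before the server certificate is rotated.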

Prerequisites for Using SecureAPI™

How to Enforce SecureAPI™ to Any Mobile App on Appdome

Follow these step-by-step instructions to enforce SecureAPI™:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the Build tab, go to the Security menu.

  1. Click Secure Communications to expand the bundle.
  2. Click the toggle to enable Trusted Session.
  3. Expand SecureAPI™.
  4. Add a Pinning Profile.
  5. Enter a Service Domain.
  6. Select a Pinning Scheme.
  7. Add Certificate(s).
  8. If you want to add another Service Domain click Add Pinning Profile.
  9. Click Build My App.

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code sets needed to add SecureAPI™ to the mobile app in seconds.

Congratulations! You now have a mobile app fully integrated with SecureAPI™.

What to do After I Build My App?

After you’ve configured SecureAPI™ for any mobile application on Appdome, there are a few additional steps needed to complete your mobile integration project.

That is it – your applications now have the most comprehensive SecureAPI™ configuration with Trusted Session.

How Do I Learn More?

You might want to check out additional ways to further secure your application’s communication, such as enforcing the TLS version, cipher suites, and certificate roles.

To zoom out on this topic, visit Appdome for Mobile App Security on our website or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Kai Kenan
