Skip to content

Latest commit

 

History

History
43 lines (26 loc) · 2.85 KB

File metadata and controls

43 lines (26 loc) · 2.85 KB

Approov Integration Testing

Approov is an API security solution used to verify that requests received by your backend services originate from trusted versions of your mobile apps.

Testing the Approov Integration

Each Quickstart has at their end a dedicated section for testing, that will walk you through the necessary steps to use the Approov CLI to generate valid and invalid tokens to test your Approov integration without the need to rely on the genuine mobile app(s) using your backend.

Testing with Postman

A ready-to-use Postman collection can be found here. It contains a comprehensive set of example requests to send to the backend server for testing. The collection contains requests with valid and invalid Approov tokens, and with and without token binding.

Testing with Curl

An alternative to the Postman collection is to use cURL to make the API requests. Check some examples here.

The Dummy Secret

The valid Approov tokens in the Postman collection and cURL requests examples were signed with a dummy secret that was generated with openssl rand -base64 64 | tr -d '\n'; echo, therefore not a production secret retrieved with approov secret -get base64, thus in order to use it you need to set the APPROOV_BASE64_SECRET, in the .env file for each Approov integration example, to the following value: h+CX0tOzdAAR9l15bWAqvq7w9olk66daIH+Xk+IAHhVVHszjDzeGobzNnqyRze3lw/WVyWrc2gZfh3XXfBOmww==.

Issues

If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.

Useful Links

If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point: