Mobile Application Groups

Overview

Link11 WAAP includes a Mobile SDK: a unique client certification mechanism for iOS and Android apps. Customers can publish their applications with the SDK embedded.

In use, the SDK signs the application, authenticates the device, and verifies user identity, adding a cryptographic HMAC signature to each request. The SDK provides a reliable and secure mechanism to confirm that the traffic is originating from a legitimate app user and not a bot or emulator.

Acquiring the SDK

The latest version of the Mobile SDK, including instructions and code samples, is available here:

Mobile SDK v2.3.0

Below, we discuss the parameters to configure within L11WAAP for receiving requests from mobile applications.

Usage

A Mobile Application Group configures Mobile SDK parameters for a specific Server Group (which usually represents a domain).

Administration

The main window (shown above) lists all currently defined Mobile Application Groups.

The administration (addition/deletion/editing/versioning) of these Groups follows the conventions described here.

Components

Name

The name of this Mobile Application Group, for use within the interface.

Description

A description of this Mobile Application Group, for use within the interface.

Token header name (optional)

The name of the header that contains the user authentication token. This can be left blank.

Grace period

The allowable time between the timestamp of a request and the time that L11WAAP receives the request from the application. Requests with a longer delay will be rejected.

App signatures

This list contains the SHA-256 digests of recognized certificates.

To find the signature for an iOS app, you can open the Apple Development Certificate in the Keychain app, and copy the SHA-256 fingerprint. Alternatively, you can extract this fingerprint from the ipa bundle.

For an Android app, you can get the SHA-256 fingerprint from the keystore or extract it from a signed APK with the apksigner tool (part of the Android SDK). See detailed instructions here.

When uploading the fingerprint to the L11WAAP Console, make sure that it contains hexadecimal characters only, in lowercase, without spaces.

Active mode

Any number of signatures may be 'Active' at a given time.

While the app is being debugged on an emulator, it presents a special signature: abadbabe. Make sure this signature is not activated in production.
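A pre-upload check for the two rules above (hexadecimal only, lowercase, no spaces; no emulator signature in production), as an added example that is not part of the Link11 documentation or SDK. The function names, the label shapes it strips, and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import re

DEBUG_SIGNATURE = "abadbabe"  # emulator signature from the "Active mode" section

# Assumed label shapes in copied tool output: "SHA256:", "SHA-256", "... SHA-256 digest:".
_LABEL = re.compile(r"^.*?SHA-?256(?:\s+digest)?\s*:?\s*", re.IGNORECASE)


def normalize_fingerprint(raw: str) -> str:
    """Return the console form: 64 lowercase hex characters, no separators."""
    value = _LABEL.sub("", raw.strip(), count=1)
    compact = re.sub(r"[:\s]", "", value).lower()
    if compact == DEBUG_SIGNATURE:
        raise ValueError("emulator debug signature, keep out of production")
    if not re.fullmatch(r"[0-9a-f]{64}", compact):
        raise ValueError(f"not a SHA-256 digest ({len(compact)} chars after cleanup)")
    return compact


def prepare_upload(candidates):
    """Split candidates into unique console-ready digests and rejects with reasons."""
    accepted, rejected = [], []
    for raw in candidates:
        try:
            fp = normalize_fingerprint(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if fp not in accepted:
            accepted.append(fp)
    return accepted, rejected


# Constructed sample data: the digest of placeholder bytes, not a real certificate.
SAMPLE = hashlib.sha256(b"constructed placeholder certificate").hexdigest()
PAIRS = [SAMPLE[i:i + 2] for i in range(0, 64, 2)]
CANDIDATES = [
    "SHA256: " + ":".join(PAIRS).upper(),               # colon-separated, uppercase
    "Signer #1 certificate SHA-256 digest: " + SAMPLE,  # labelled, already lowercase
    " ".join(PAIRS).upper(),                            # space-separated
    "abadbabe",                                         # emulator signature
    SAMPLE[:40],                                        # too short (SHA-1 length)
]

if __name__ == "__main__":
    ok, bad = prepare_upload(CANDIDATES)
    print("upload:", ok)
    for raw, why in bad:
        print("reject:", raw[:24], "->", why)
```

The three differently formatted copies of the same digest collapse to one console-ready value, while the emulator signature and the truncated value are reported with a reason instead of being uploaded.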

Profiles

This lists the remote profiles that can override the parameters of the SDK on all mobile clients.

The Default profile is always empty. When it is active, the SDK parameters are fully determined by the app's local configuration. Only one remote profile may be active at a given time.
