Link11 WAAP
v5

Mobile Application Groups

Last updated 1 month ago

Overview

Link11 WAAP includes a Mobile SDK: a unique client certification mechanism for iOS and Android apps. Customers can publish their applications with the SDK embedded.

In use, the SDK signs the application, authenticates the device, and verifies user identity, adding a cryptographic HMAC signature to each request. The SDK provides a reliable and secure mechanism to confirm that the traffic is originating from a legitimate app user and not a bot or emulator.

Acquiring the SDK

The latest version of the Mobile SDK, including instructions and code samples, is available here: Mobile SDK v2.3.0

Below, we discuss the parameters to configure within L11WAAP for receiving requests from mobile applications.

Usage

Administration

The main window (shown above) lists all currently defined Mobile Application Groups.

Components

Name

The name of this Mobile Application Group, for use within the interface.

Description

A description of this Mobile Application Group, for use within the interface.

Token header name (optional)

The name of the header that contains the user authentication token. This can be left blank.

Grace period

The allowable time between the timestamp of a request and the time that L11WAAP receives the request from the application. Requests with a longer delay will be rejected.
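As an added illustration (not Link11's code or wire format), the sketch below shows how a grace-period check typically combines with a per-request HMAC: the timestamp is part of the signed data, so a captured request can neither be replayed after the window nor have its timestamp rewritten. The canonical string layout, the key, the request values, and the handling of future timestamps are all assumptions made for this example.

```python
import hashlib
import hmac


def sign(key, method, path, timestamp, body):
    """Client side: HMAC-SHA256 over a canonical string that includes the timestamp."""
    canonical = "\n".join(
        [method, path, str(timestamp), hashlib.sha256(body).hexdigest()]
    ).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(key, method, path, timestamp, body, signature, received_at, grace_seconds):
    """Server side: authenticate first, then apply the freshness window."""
    expected = sign(key, method, path, timestamp, body)
    # Constant-time comparison; the timestamp is authenticated by the HMAC,
    # so a captured request cannot be replayed with a refreshed timestamp.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "reject: bad signature"
    delay = received_at - timestamp
    if delay > grace_seconds:
        return "reject: outside grace period"
    if delay < -grace_seconds:
        # Assumption: far-future timestamps are refused as well (clock skew bound).
        return "reject: timestamp in the future"
    return "accept"


def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    sent_at = 1_700_000_000
    body = b'{"user":"alice"}'
    sig = sign(key, "POST", "/api/login", sent_at, body)
    args = (key, "POST", "/api/login")
    return [
        verify(*args, sent_at, body, sig, sent_at + 3, 5),        # fresh request
        verify(*args, sent_at, body, sig, sent_at + 60, 5),       # replayed later
        verify(*args, sent_at + 58, body, sig, sent_at + 60, 5),  # timestamp rewritten
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A short grace period narrows the replay window but requires device clocks to be reasonably accurate; a long one tolerates slow networks at the cost of a wider window.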

App signatures

This list contains the SHA-256 digests of recognized certificates.

When uploading the fingerprint to the L11WAAP Console, make sure that it contains hexadecimal characters only, in lowercase, without spaces.

Active mode

Any number of signatures may be 'Active' at a given time.

While debugging the app on an emulator, it will present a special signature: abadbabe. Make sure this is not activated in production.

Profiles

This lists the remote profiles that can override the parameters of the SDK on all mobile clients.

The Default profile is always empty. When it is active, the SDK parameters are fully determined by the app's local configuration. Only one remote profile may be active at a given time.

A Mobile Application Group configures Mobile SDK parameters for a specific Server Group (which usually represents a domain).

The administration (addition/deletion/editing/versioning) of these Groups follows the conventions described here.

To find the signature for an iOS app, you can open the Apple Development Certificate in the Keychain app, and copy the SHA-256 fingerprint. Alternatively, you can extract this fingerprint from the ipa bundle.

For an Android app, you can get the SHA-256 fingerprint from the keystore or extract it from a signed APK with the apksigner tool (part of the Android SDK). See detailed instructions here.
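The following added example (not part of the Link11 documentation or SDK) prepares a fingerprint for the App signatures list and audits a list of active signatures before it goes to production. It converts a fingerprint displayed as colon- or space-separated uppercase pairs into the lowercase, separator-free form the Console expects, and flags the emulator signature abadbabe; the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import re

DEBUG_SIGNATURE = "abadbabe"          # emulator signature named on this page
_CONSOLE_FORMAT = re.compile(r"[0-9a-f]{64}")


def fingerprint_of_der(der_bytes):
    """SHA-256 certificate fingerprint: the digest of the DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def normalize_fingerprint(displayed):
    """Convert 'AB:CD:..' or 'AB CD ..' into 64 lowercase hex characters."""
    value = re.sub(r"[\s:]", "", displayed).lower()
    if not _CONSOLE_FORMAT.fullmatch(value):
        raise ValueError("not a SHA-256 fingerprint: expected 64 hex characters")
    return value


def audit_active_signatures(signatures):
    """Return (signature, problem) pairs for entries unsuitable for production."""
    findings = []
    for sig in signatures:
        if sig == DEBUG_SIGNATURE:
            findings.append((sig, "emulator debug signature is active"))
        elif not _CONSOLE_FORMAT.fullmatch(sig):
            findings.append((sig, "not 64 lowercase hex characters"))
    return findings


if __name__ == "__main__":
    # Constructed stand-in bytes; a real run would read the certificate's DER file.
    fp = fingerprint_of_der(b"constructed stand-in for a DER certificate")
    shown = ":".join(fp[i:i + 2].upper() for i in range(0, 64, 2))
    print(normalize_fingerprint(shown) == fp)
    print(audit_active_signatures([fp, shown, DEBUG_SIGNATURE]))
```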
