Approov is an API security solution used to verify that requests received by your backend services originate from trusted versions of your mobile apps.
Each Quickstart has at their end a dedicated section for testing, that will walk you through the necessary steps to use the Approov CLI to generate valid and invalid tokens to test your Approov integration without the need to rely on the genuine mobile app(s) using your backend.
- Approov Token test examples.
- Approov Token Binding test examples.
A ready-to-use Postman collection can be found here. It contains a comprehensive set of example requests to send to the backend server for testing. The collection contains requests with valid and invalid Approov tokens, and with and without token binding.
An alternative to the Postman collection is to use cURL to make the API requests. Check some examples here.
The valid Approov tokens in the Postman collection and cURL requests examples were signed with a dummy secret that was generated with openssl rand -base64 64 | tr -d '\n'; echo, therefore not a production secret retrieved with approov secret -get base64, thus in order to use it you need to set the APPROOV_BASE64_SECRET, in the .env file for each Approov integration example, to the following value: h+CX0tOzdAAR9l15bWAqvq7w9olk66daIH+Xk+IAHhVVHszjDzeGobzNnqyRze3lw/WVyWrc2gZfh3XXfBOmww==.
If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.
If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point: