For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Application-authenticity security check

Lean how to use the MobileFirst application-authenticity security check to validate the authenticity of your application and achieve enhanced resource protection.


Overview of MobileFirst application-authenticity validation

Use the predefined application-authenticity security check (appAuthenticity) to protect against unlawful attempts by fake or tampered applications to access your protected resources (APIs). When enabled, this check validates the authenticity of the application before providing it with any services. The application-authenticity security check is enabled by deploying to the server an application-authenticity file that you create with the MobileFirst application-authenticity tool: see Enabling the application-authenticity security check. The security framework uses this file to validate the authenticity of the application. By default, the security check is run during the application's runtime registration with MobileFirst Server, which occurs the first time an instance of the application attempts to connect to the server. However, as with any MobileFirst security check, we can also include this predefined check in custom security scopes: see OAuth scopes and security checks. For example, we can choose to add this check to the mandatory application scope: see Configuring a mandatory application scope.

The application-authenticity security check is supported for native iOS, native Android, native Windows 10 Universal Windows Platform and Windows 8 Universal, and cross-platform Cordova MobileFirst applications.

Proceed to the next topics to learn how to enable and configure the application-authenticity security check.

Parent topic: Predefined MobileFirst security checks