For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Enabling the application-authenticity security check

Enable the predefined MobileFirst application-authenticity security check to protect against attempts by fake or tampered applications to access your resources (APIs).


You enable the application-authenticity security check by creating an application-authenticity file, and deploying the file to MobileFirst Server. We can select whether to separate the file creation and deployment steps, or consolidate them into one step:



When wer application-authenticity file is deployed to the server, the Status value in the application Authenticity console tab is set to "Enabled", indicating that the security check is enabled for our application.

We can retrieve a copy of the application-authenticity file that is deployed for our application on the server, by running the app version get authenticity-data command of the mfpadm command line program, or the <app-version> <get-authenticity-data> command through an mfpadm Ant task.

We can disable the application-authenticity security check at any time, by using one of the following methods:

Parent topic: Application-authenticity security check