Mobile Application Groups
Last updated
Was this helpful?
Last updated
Was this helpful?
Reblaze includes a Mobile SDK: a unique client certification mechanism for iOS and Android apps. Customers can publish their applications with the SDK embedded.
In use, the SDK signs the application, authenticates the device, and verifies user identity, adding a cryptographic HMAC signature to each request. The SDK provides a reliable and secure mechanism to confirm that the traffic is originating from a legitimate app user and not a bot or emulator.
Below, we discuss the parameters to configure within Reblaze for receiving requests from mobile applications.
A Mobile Application Group configures Mobile SDK parameters for a specific Server Group (which usually represents a domain).
The main window (shown above) lists all currently defined Mobile Application Groups.
The administration (addition/deletion/editing/versioning) of these Groups follows the conventions described here.
The name of this Mobile Application Group, for use within the interface.
A description of this Mobile Application Group, for use within the interface.
The name of the header that contains the user authentication token. This can be left blank.
The allowable time between the timestamp of a request and the time that Reblaze receives the request from the application. Requests with a longer delay will be rejected.
This list contains the SHA-256 digests of recognized certificates.
To find the signature for an iOS app, you can open the Apple Development Certificate in the Keychain app, and copy the SHA-256 fingerprint. Alternatively, you can extract this fingerprint from the ipa bundle.
For Android app, you can get the SHA-256 fingerprint from the keystore or extract it from a signed APK with the apksigner tool (part of the Android SDK). See detailed instructions here.
When uploading the fingerprint to the Reblaze Console, make sure that it contains hexadecimal characters only, in lowercase, without spaces.
Any number of signatures may be 'Active' at given time.
While debugging the app on an emulator, it will present a special signature: abadbabe. Make sure this is not activated on production.
This lists the remote profiles that can override the parameters of the SDK on all mobile clients.
The Default profile is always empty. When it is active, the SDK parameters are fully determined by the app's local configuration. Only one remote profile may be active at a given time.
Instructions and sample code for embedding the SDK within client applications are .
