Security

How to manage your iOS app's security with the Apps Panel SDK

The Apps Panel iOS SDK offers several security parameters to secure exchanges with your Apps Panel mobile back-end. The security features are easy to use and require no additional effort: the SDK manages encryption and decryption, so the process is transparent to your code.

Encryption

You can choose to encrypt your exchanges with the back-end. Encryption applies to the request body; as a result, GET requests are not encrypted, because their parameters are passed in the URL. If you need to transfer secure data in a GET request, you can use the secure data field of the JWT. By default, all internal calls from the SDK are encrypted, in and out. For your custom calls, it's entirely up to you: you can encrypt calls, answers or both. You can decide whether to use a random key for each call, and you can also attach a JWT to each request without encrypting the request body. The corresponding security modes are:

    APSecurityModeNone,
    APSecurityModeJWTOnly,
    APSecurityModeRequest,
    APSecurityModeResponse,
    APSecurityModeRequestAndResponse

You can set these parameters globally in your AppDelegate.m, at the same place you set your app configuration:

Objective-C:

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
    /* ... */
    [[AppsPanel sharedInstance] securityMode:APSecurityModeRequestAndResponse randomizeKey:NO];
    /* ... */
    [[AppsPanel sharedInstance] startSession];
    /* ... */
}

Swift:

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
    /* ... */
    AppsPanel.sharedInstance().secureAnswer = true
    AppsPanel.sharedInstance().secureParameter = true
    AppsPanel.sharedInstance().shouldUseRandomKey = true
    /* ... */
    AppsPanel.sharedInstance().startSession()
    /* ... */
    return true
}

Or you can set them for each call independently:

Objective-C:

APWSManager *apws = [[APWSManager alloc] initWithRest:@"your_endpoint" delegate:self WithGet:nil andPost:post andTag:TAG];

[apws securityModeForCall:APSecurityModeJWTOnly randomizeKey:NO];

[apws start];

Swift:

let apws: APWSManager = APWSManager(rest: "your_endpoint", delegate: self, withGet: nil, andTag: TAG)

apws.useSecureAnswer = true
apws.useSecureParameter = true
apws.useRandomKey = true

apws.start()

Settings applied to a specific call override the default configuration, or the configuration you chose in your AppDelegate, for that call only.

Your back office also has security options that let you force encryption on some requests or disable it on others. See Security.

Secure Data

URL endpoints are never encrypted, but you can still pass sensitive data, even with a GET request:

Objective-C:

APWSManager *apws = [[APWSManager alloc] initWithRest:@"your_endpoint" delegate:self WithGet:nil andPost:post andTag:TAG];

NSDictionary *secureDictionary = @{@"response" : @42};
[apws setSecureData:secureDictionary];

[apws start];

Swift:

let apws: APWSManager = APWSManager(rest: "your_endpoint", delegate: self, withGet: nil, andTag: 1)
let secureDictionary = ["response" : 42]
apws.secureData = secureDictionary
apws.start()

This data will be encrypted and added to the request, even if the request itself is not encrypted.
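
The following Objective-C helper is an added example, not code from Apps Panel. It keeps parameters named as sensitive out of the GET query string and sends them through setSecureData: instead. The helper name APSecureGet, the header name, the argument types passed to WithGet: and andTag:, and the sample keys are assumptions.

```objc
// Added example, not Apps Panel code. Assumptions: the umbrella header name,
// that WithGet: accepts an NSDictionary, and that andTag: accepts an integer.
#import <Foundation/Foundation.h>
#import <AppsPanel/AppsPanel.h>   // assumed header name

// Hypothetical helper: builds a GET call whose sensitive parameters travel in
// the encrypted secure data instead of the unencrypted URL.
static APWSManager *APSecureGet(NSString *endpoint,
                                id delegate,
                                NSDictionary *params,
                                NSSet<NSString *> *sensitiveKeys,
                                NSInteger tag)
{
    NSMutableDictionary *query  = [NSMutableDictionary dictionary];
    NSMutableDictionary *secure = [NSMutableDictionary dictionary];

    // Split the parameters: a key listed in sensitiveKeys never reaches the URL.
    [params enumerateKeysAndObjectsUsingBlock:^(NSString *key, id value, BOOL *stop) {
        if ([sensitiveKeys containsObject:key]) {
            secure[key] = value;
        } else {
            query[key] = value;
        }
    }];

    APWSManager *apws = [[APWSManager alloc] initWithRest:endpoint
                                                 delegate:delegate
                                                  WithGet:(query.count ? query : nil)
                                                  andPost:nil
                                                   andTag:tag];

    // A GET request has no body to encrypt, so attach the JWT only.
    [apws securityModeForCall:APSecurityModeJWTOnly randomizeKey:NO];

    // Secure data is encrypted by the SDK even though the request is not.
    if (secure.count) {
        [apws setSecureData:secure];
    }
    return apws;
}

// Usage (constructed values): "locale" stays in the URL, "account_id" does not.
// APWSManager *call = APSecureGet(@"your_endpoint", self,
//                                 @{@"locale": @"en", @"account_id": @"12345"},
//                                 [NSSet setWithObject:@"account_id"], TAG);
// [call start];
```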