Building an App
This topic provides a detailed explanation of the process of building an app on the Appdome platform with your selected defenses.
For the Appdome Python library example refer to the snippet at the bottom.
Important
If you have not yet created a fusion set, this can only be done only via the platform. As this is the last time you are going to need to visit the platform UI, you are strongly advised to perform this process before running the API calls.
Caveats
- Remember to visit the platform to obtain your API key and
fusion_set_id
parameters. If you are working with a team you also need to get theteam_id
. For details, see Getting started section.
This process consists of two steps that should be performed in the following order:
- POST request to Appdome to send the
app_id
obtained the upload process,fusion_set_id
obtained from the platform,action
parameter with a value ofbuild
, and optionallyoverrides
json object detailed at the Build an app API reference page. - GET request to check the task status should be polled operation and wait until the request status is
success
before proceeding to the next action.
The process
Note that the scripts uses some variables such as
API_KEY
,FUSION_SET_ID
,BUILD_OVERRIDES
,TEAM_ID
. Ensure that you update these variables accordingly.
- Obtain the task ID and assign it to the
task_id
variable for later use.
BUILD_OVERRIDES='{"user_agent":"...","user_agent_value":"..."}'
task_id=$(
curl -s --request POST \
--url "https://fusion.appdome.com/api/v1/tasks" \
--header "Authorization: $API_KEY" \
--header 'accept: application/json' \
--header 'content-type: multipart/form-data' \
--form action=fuse \
--form fusion_set_id="$FUSION_SET_ID" \
--form app_id="$(echo "$app" | jq -r .id)" \
--form overrides="$BUILD_OVERRIDES" |
jq -r .task_id
)
- Declare a function that will perform the polling operation and notify when the task status is
completed
.
Note that the task may fail with a status oferror
and amessage
property that indicates the issue for which the task failed. This message can help you resolve the issue before building again.
statusWaiter() {
task_id=$1
team_id=$2
status="progress"
while [[ $status == "progress" ]]; do
status=$(curl -s --request GET \
--url "https://fusion.appdome.com/api/v1/tasks/$task_id/status?team_id=$team_id" \
--header 'Content-Type: application/json' \
--header "Authorization: $API_KEY" |
jq -r '.status')
sleep 0.5
done
}
statusWaiter "$task_id" "$TEAM_ID"
At this point, if the status
inside statusWaiter
is completed
, this means you have successfully built an app with your fusion set.
From here, you may proceed to add context (optional) or sign an app.
Appdome python library example
python3 build.py --app_id <app_id_value> --fusion_set_id <fusion_set_id_value> --build_overrides <overrides_json_file>
Overrides
Fuse tasks support overrides, enabling you to surgically modify fusion set values specific to that task.
Overrides, typically JSON primitives, are passed as a string to the overrides
form property. Files can also be included as overrides.
When you provide a file or override a value already present in the fusion set, the object is deeply merged.
Here's how to pass overrides without files:
--form overrides='{"plugin_good_app_version" : ""}'
To merge an object with a file:
--form overrides='{
"mitm_host_server_pinned_certs_list": [
{
"value": {
"mitm_host_server_pinned_certs_type": "no_pinning",
"mitm_host_server_pinned_certs_domain": "{URL}",
"mitm_host_server_pinned_certs_file_filename": "{filename}"
}
}
]
}'
--form mitm_host_server_pinned_certs_list[0].value.mitm_host_server_pinned_certs_file_content=@/Users/johndoe/Downloads/cert.pem
To update only the certificate within an object, specify just the certificate with the correct index:
--form mitm_host_server_pinned_certs_list[0].value.mitm_host_server_pinned_certs_file_content=@/Users/johndoe/Downloads/cert.pem
You can pass multiple files, and their content will be replaced based on their index. If a certificate with a given index doesn't exist, the value is ignored:
--form mitm_host_server_pinned_certs_list[0].value.mitm_host_server_pinned_certs_file_content=@/Users/johndoe/Downloads/cert.pem
--form mitm_host_server_pinned_certs_list[1].value.mitm_host_server_pinned_certs_file_content=@/Users/johndoe/Downloads/cert1.pem
// Will be ignored, as our fusion set only has 2 certs configured
--form mitm_host_server_pinned_certs_list[2].value.mitm_host_server_pinned_certs_file_content=@/Users/johndoe/Downloads/cert2.pem
Passing certificates is also possible for the Mobile Anti Bot list:
--form mobile_anti_bot_list[0].value.payload_signing_key_app_specific=@/Users/johndoe/Downloads/cert1.pem
Note: Indices are zero-based.
Updated 13 days ago