Managing Apps
Apps represent your mobile applications in ProtectMyAPI. Each app has its own configuration, linked services, and security settings.
One app per platform: Create separate apps for iOS and Android, or use Flutter/React Native apps that cover both platforms.
Creating an App
Start the App Wizard
- Click “Create App” in the dashboard
- The setup wizard will guide you through the process
Choose Your Platform
Select your app’s platform:
| Platform | Use When |
|---|---|
| iOS | Native Swift/SwiftUI/Objective-C app |
| Android | Native Kotlin/Java app |
| Flutter | Cross-platform Flutter app |
| React Native | Cross-platform React Native app |
Enter App Details
Required fields:
| Field | Example | Where to Find |
|---|---|---|
| App Name | ”My iOS App” | Your choice |
| Bundle ID | com.company.myapp | Xcode → Target → General |
| Apple Team ID | ABCD1234EF | Apple Developer Portal → Membership |
Optional fields:
| Field | Purpose |
|---|---|
| App Store Key ID | For App Store receipt validation |
| App Store Issuer ID | For App Store Connect API |
| App Store Private Key | For automated verification |
Configure Security Settings
| Setting | Default | Description |
|---|---|---|
| Enforce Attestation | ✅ On | Require device verification for all requests |
| Allow Rooted/Jailbroken | ❌ Off | Block compromised devices |
| Require Play Store | ✅ On | Android: Only allow Play Store installs |
Production apps: Keep all security settings enabled. Only disable for testing.
Complete Setup
- Review your configuration
- Click “Create App”
- Copy your App Token — you’ll need this in your code
App Token
Your App Token identifies your app to ProtectMyAPI:
app_a1b2c3d4e5f6g7h8i9j0Where to Use It
// iOS
ProtectMyAPI.shared.configure(appId: "app_a1b2c3d4e5f6...")// Android
ProtectMyAPI.initialize(this, "app_a1b2c3d4e5f6...")App Token is NOT secret. It can be safely included in your app code. The security comes from device attestation, not the token itself.
App Settings
General Settings
Access from: Apps → Select app → Settings tab
| Setting | Description |
|---|---|
| App Name | Display name (can be changed anytime) |
| Bundle ID / Package Name | Must match your app (cannot be changed) |
| Environment | Development or Production |
Security Settings
| Setting | Recommendation | Impact |
|---|---|---|
| Enforce Attestation | ✅ Always On | Blocks unverified requests |
| Allow Jailbroken (iOS) | ❌ Off | Blocks compromised iOS devices |
| Allow Rooted (Android) | ❌ Off | Blocks compromised Android devices |
| Allow Emulators | ❌ Off | Blocks simulator/emulator requests |
| Require Play Store | ✅ On | Android: Block sideloaded apps |
Integrity Levels (Android)
| Level | Security | Use Case |
|---|---|---|
| MEETS_BASIC_INTEGRITY | Low | Development only |
| MEETS_DEVICE_INTEGRITY | Medium | Most apps (recommended) |
| MEETS_STRONG_INTEGRITY | High | Banking, healthcare |
Linking API Services
Apps need linked API Services to make requests:
- Go to Apps → Select your app
- Click “Linked API Services” tab
- Click “Link Service”
- Select services to link
- Click “Save”
Tip: Create services in API Services first, then link them to your apps.
Live Console
Monitor real-time requests from your app:
- Go to Apps → Select your app
- Click “Live Console” tab
- See requests as they happen:
- Timestamp
- Endpoint called
- Response status
- Latency
- Device info
Deleting an App
Warning: Deleting an app is permanent. All linked services will be unlinked, and the app token will stop working immediately.
- Go to Apps → Select your app
- Click Settings tab
- Scroll to Danger Zone
- Click “Delete App”
- Type the app name to confirm
Best Practices
Naming Convention
✅ Good: "MyApp iOS Production"
✅ Good: "MyApp Android Dev"
❌ Bad: "Test" (not descriptive)Environment Separation
- Create separate apps for Development and Production
- Use different API keys for each environment
- Keep production security settings strict
Multiple Apps Strategy
| Scenario | Recommendation |
|---|---|
| iOS + Android native | 2 separate apps |
| Flutter/React Native | 1 app (handles both) |
| Dev + Prod | Separate apps per environment |
| Multiple clients | Separate organizations |
Troubleshooting
”Bundle ID mismatch”
Your app’s Bundle ID doesn’t match the dashboard configuration.
- iOS: Check Xcode → Target → General → Bundle Identifier
- Android: Check
build.gradle→applicationId
”Attestation failed”
- Ensure you’re testing on a real device
- Check that App Attest capability is enabled (iOS)
- Verify SHA-256 fingerprint is correct (Android)
“App not found”
- Verify the App Token in your code
- Check you’re using the correct environment