AppCheck provides a REST API which is available to all customers. Below are the answers to some common questions about the API.
Where is the documentation?
How is access controlled?
Access to the API is restricted in two ways:
- By access key. You will need to provide an access key with each API request. You can have multiple keys linked to different users.
- By IP address. API requests will only be accepted if they come from an IP address which is on your account's allow-list.
How do I request access?
To set up access to the API you will need to raise a ticket with AppCheck Technical Support providing any IP addresses you want to give access to, and we will reply with an access key for you.
Note: You will need to provide the public IP address from which your API requests will come; often this will be the address of your outbound gateway or proxy server. Private (internal) addresses usually begin with 192, 172 or 10. If this is the IP address you see, you may need to speak to your network administrator to get your public address. You may find you have multiple public addresses which are alternated between; in this case you will need to add them all to your account's allow-list.
If you want to have the token linked to a specific user (or set up multiple keys for multiple users), let us know; otherwise we will create a token linked to the user who raised the request.
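A pre-submission check for the addresses you plan to send in the support ticket, as an added example (not AppCheck code; the function names and sample addresses are constructed for illustration). It applies the exact private ranges rather than the first-octet rule of thumb in the note above: only 172.16.0.0/12 and 192.168.0.0/16 are private, so an address such as 172.32.0.1 is public, while carrier-grade NAT space (100.64.0.0/10) is not.

```python
import ipaddress

# Ranges that can never be the source address a remote API sees on the internet.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
}
_NETS = [(label, ipaddress.ip_network(cidr))
         for label, cidrs in NON_PUBLIC.items() for cidr in cidrs]


def classify(candidate: str) -> str:
    """Return 'public', a non-public label, 'reserved' or 'invalid' for one IPv4 candidate."""
    try:
        addr = ipaddress.IPv4Address(candidate.strip())
    except ipaddress.AddressValueError:
        return "invalid"  # hostnames, CIDR blocks, typos
    for label, net in _NETS:
        if addr in net:
            return label
    # Anything else must still be globally routable to be a usable source address.
    return "public" if addr.is_global else "reserved"


def review(candidates):
    """Split candidates into (addresses fit to submit, {address: reason rejected})."""
    ok, rejected = [], {}
    for raw in candidates:
        value = raw.strip()
        verdict = classify(value)
        if verdict == "public":
            ok.append(value)
        else:
            rejected[value] = verdict
    return ok, rejected


# Constructed sample input: what a user might copy from local network settings.
SAMPLE = ["192.168.1.20", "172.20.4.9", "172.32.0.1",
          "10.8.0.3", "100.64.12.1", "gateway.local"]

if __name__ == "__main__":
    ok, rejected = review(SAMPLE)
    print("submit:", ok)
    for address, reason in rejected.items():
        print(f"do not submit {address}: {reason}")
```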
What if I want to access the API from the cloud and I don't know the source IP address?
If you are trying to access AppCheck's API from a cloud platform (Azure, AWS, Google Cloud, etc.) and do not have a static IP address, then it is advisable to configure a static IP gateway using NAT for outbound requests. The alternative would be to allow access from the entire cloud platform (or region/area, depending on our platform), which has obvious security implications.
AppCheck do not maintain documentation on how to perform this, since it is configurable via your cloud provider, and the implementation details may change over time. However, the following links may be of use in investigating how to set this up for your cloud estate:
Google Cloud (GCP) - https://cloud.google.com/nat/docs/overview