Secure WS requests

Hello,

I would like to secure the exchanges between my application and my webservices to make sure requests are only made by an authentic application.

By searching the internet I discovered that App Attest from Device Check framework exists but it looks like there are some limitation about it :

  • App Attest doesn't work on most App Extensions (like Share extension)

  • We are limited by the requests count made to the App Attest webservice (only when generating the Apple certificate, one time by device / application).

The problem is I need this security on my app extension because I have a Share extension sending e-mails.

Do you have advice to secure the exchanges between my app and my webservices ?

Could you have your app use App Attest to ‘enroll’ with your service and then share the resulting with your appex?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello ! Thank you for your response !

I have users who only use the "Share appex", they never open the main app. They enrolled the first time via the app, the problem is the "authentication token" is only valid 20 hours.

I have to regenerate it when they use the appex and, since they don't open the app, I don't know how to regenerate the token securely via the appex.

Secure WS requests
 
 
Q