Once the app is uploaded and scanned, you can secure the app. Add services by defining and applying settings in an app security profile.


Using an app security profile

You can save policy settings in an app security profile object. This provides an easy way to integrate multiple apps within your organization with the same policy settings—by applying the app security profile to each of your apps.

See Configuring app security profiles with the API for more details about managing and configuring app security profiles. The following sections describe how to use them to integrate services with your app.

Select an app security profile

You can get the list of all defined app security profiles with GET /app_security_profiles:

Request: List app security profiles

curl -X GET "https://platform-api.bluecedar.com/v1/app_security_profiles" \
     -H "accept: */*" -H "X-Organization-UUID: 08cfc9b9-1458-4da0-a271-0eaa4c8b1af3" \
     -H "Authorization: Bearer 380d9c23-cca3-4618-b77a-15cdf934dba3"
BASH

This call returns a list of all app security policies available for your organization, with basic information:

Response

{
  "page": 1,
  "totalPages": 11,
  "appSecurityProfiles": [
    {
      "organizationUuid": "08cfc9b9-1458-4da0-a271-0eaa4c8b1af3",
      "appSecurityProfileUuid": "c4415337-595c-48ae-8679-5395099ec4f8",
      "name": "My Profile",
      "latestVersion": 2,
      "audit": {
        "createdDate": "2019-03-05T15:33:56.000709",
        "createdBy": "880fe065-1e32-4f1c-9c42-a273fdd2db9d",
        "modifiedDate": "2019-03-08T18:56:22.000600",
        "modifiedBy": "880fe065-1e32-4f1c-9c42-a273fdd2db9d"
      }
   ...
YML

If you know the name of the app security profile you want to use, refer to the list to get the appSecurityProfileUuid. 

App security profile versions

To get complete information about an app security profile, use GET /app_security_profiles/{app_security_proflle_uuid}/versions. This call returns a list of all saved versions of an app security profile. The versionedAppSecurityProfiles structure contains the JSON definition for each iteration of the profile. Version 0 is the original "empty" profile with default settings.

Request: List app security profile versions

curl -X GET "https://platform-api.bluecedar.com/v1/app_security_profiles/c4415337-595c-48ae-8679-5395099ec4f8/versions" 
     -H "accept: */*"
     -H "Authorization: Bearer dd11411d-33a3-466d-84eb-a50e2029aa82"
BASH

This call returns the details for each saved version for the specified app security profile:

Response

{
  "page": 1,
  "totalPages": 1,
  "versionedAppSecurityProfiles": [
    {
      "versionCode": 0,
      "microPolicies": {
        "appCustomization": {
          "enabled": false,
          "displaySecuredByBar": false,
          "backgroundImageScale": "fillScreen"
        }
      },
      "audit": {
        "createdDate": "2019-02-25T13:00:09.000669",
        "createdBy": "84efacf4-f566-4e2d-a184-c7f605ebd302",
        "modifiedDate": "2019-02-25T13:00:09.000669",
        "modifiedBy": "84efacf4-f566-4e2d-a184-c7f605ebd302"
      }
    },
    {
      "versionCode": 1,
      "microPolicies": {
        "appCustomization": {
          "enabled": false,
          "fontColor": "#FFFFFF",
          "logoImage": "https://api.bluecedar.com/v1/storage/BCN+logo+xsmall+png/image+png/86ca4167-3c75-4815-a6be-3c6a5623467f",
          "backgroundColor": "#0076A9",
          "primaryButtonColor": "#00CC00",
          "displaySecuredByBar": false,
          "backgroundImageScale": "fillScreen",
          "secondaryButtonColor": "#0191C6"
        },
        ...
      },
      "audit": {
        "createdDate": "2019-02-25T13:03:25.000259",
        "createdBy": "84efacf4-f106-4e2d-a184-c7f605ebd302",
        "modifiedDate": "2019-02-25T13:03:25.000259",
        "modifiedBy": "84efacf4-f106-4e2d-a184-c7f605ebd302"
      }
    },
YML


Apply the app security profile

To assign the chosen app security profile to your app, use PUT /apps/${APP_UUID} with these values:

  • APP_UUID: App UUID created when the app was uploaded
  • appSecurityProfileUuid: The UUID for the app security profile
  • codeSigningUuid: The UUID for the code signing profile
  • organizationUuid: $ORG_UUID as set in the environment
  • storageUrl: Path of stored app, returned as storageUrl in the uploading step
curl -X PUT "https://platform-api.bluecedar.com/v1/apps/bbc21678-76e4-4e09-be03-0e8e6b72e88e" \
     -H "accept: application/json" \
     -H "Authorization: Bearer 380d9c23-cca3-4618-b77a-15cdf934dba3" \
     -H "Content-Type: application/json" \
     -d "{\"appSecurityProfileUuid\":\"c4415337-595c-48ae-8679-5395099ec4f8\", \
          \"appSecurityVersionCode\":1, \
          \"organizationUuid\":\"08cfc9b9-1458-4da0-a271-0eaa4c8b1af3\", \
          \"storageUrl\":\"Archive+ipa/application+octet+stream/346c1d3e-6db4-4741-b14c-d9a6cd1d5ffe\"}"
BASH

Integrate the app with app security settings

Use POST /injection_tasks with these values:

  • appSecurityProfileJson: Includes settings for each policy
  • taskType: harden

Request: Add app customization policy

curl -X POST "https://platform-api.bluecedar.com/v1/injection_tasks" 
     -H "accept: */*" -H "X-Organization-UUID: 08cfc9b9-1458-4da0-a271-0eaa4c8b1af3" 
     -H "Authorization: Bearer 380d9c23-cca3-4618-b77a-15cdf934dba3" 
     -H "Content-Type: application/json" 
     -d '{"integrity": {
            "integrityCertUrl": "https://api.dev.bluecedar.com/v1/storage/certificate+p12/application+x+pkcs12/d8127f58-3255-4f05-b7d4-811b0165e762",
            "pkcs12Password": "bluecedarmap"
          },
        "appBinaryUrl": "https://api.dev.bluecedar.com/v1/storage/Compass+apk/application+vnd+android+package+archive/192cd800-6c74-4a80-a267-50f363fc6a30",
        "appId": "com.mocana.keybrowser",
        "appSecurityProfileJson": 
          "vpnSettings": {
            "enabled": false
          },
          "secureWebStack": {
            "enabled": false
          },
          "appCustomization": {
            "enabled": true,
            "fontColor": "#FFFFFF",
            "logoImage": "https://api.dev.bluecedar.com/v1/storage/BCN+logo+xsmall+png/image+png/11a98b0a-b72d-4db5-b58e-9784592bc49c",
            "backgroundColor": "#0076A9",
            "primaryButtonColor": "#00CC00",
            "displaySecuredByBar": false,
            "backgroundImageScale": "fillScreen",
            "secondaryButtonColor": "#0191C6"
          },
        },
        "appUuid": "fd7624cc-9192-4a31-a6b1-7721fe48a01c",
        "organizationUuid": "08cfc9b9-1458-4da0-a271-0eaa4c8b1af3",
        "taskType": "harden"
       }'
BASH