Securing apps with the REST API

You can upload apps (APK or IPA files) to the policy console, apply selected policies, and make the apps available to mobile device users. This set of API calls outlines the process:

Upload an app:

• POST app-market/upload—uploads the app, whether or not the app already exists in the system.
• POST app-market/upload-no-replace—checks first to see if an app with the same package name already exists in the system. If not, the upload continues just as it would for POST app-market/upload.
• POST app-market/upload-commit/{packageName}/{platform}/{blobId}—confirms the upload. Use this API call when an app in the system has the same package name as the uploaded app and POST app-market/upload-no-replace requires confirmation.

Select a policy:

• Use a policy_id: GET app-policy/catalog obtains all the GUIDs for each policy that exists in the policy console.  
• Use a policy code, as listed in Configuring security policies for your apps and in the response from GET app-policy/catalog.

Create a profile:

• POST profile—creates or updates a policy profile or signing profile.

• To create a browser profile (Browser Configuration policy), use POST profile/mocana-browser/new.

• To create a vpn profile (Secure Microtunnel policy), use POST app-policy/vpn-profile.

Select a profile:

• GET profile/catalog —obtains all the GUIDs for each policy profile in the policy console. 
• GET profile/catalog/{policytype} —obtain the details for all profiles of a specified policy type.

Secure and sign the app:

• POST app-market/policy—applies the policies and profiles you specify to the app, including code-signing.

Download the secured app:

• GET app-market/{GUID}/apk—returns the new secured app binary (apk or ipa file).
• POST app-market/export-for-codesigning—returns a zip file containing a secured app and signing information.

The following sections provide details and examples of how to secure apps using the REST APIs.