Security

One of Appogram's big concerns is security and privacy.

Appogram Does not store any data of your Application or Users on the cloud. We just store the structure of an Appo (all you do in studio and fake data for designing your Appo), the list of its members based on our internal Id not any mobile number. All your Appo's communication with your web services are direct and there is no proxy or repeater topology, the mobile device calls your web-services without Appogram's server intervention.

First step for securing you Appo is to use HTTPS.

The second step is to use authentication with login facilities in Appogram. Authentication is based on your API and your own database and security model. Appogram lets you to authenticate users with a web service then the web service must create a JSON Web Token for your client and you should authenticate all other HTTP requests to your APIs with that token. If there is a failure or security risk just create a HTTP 403 error message and the rest will be managed by Appogram client.

The token is passed to your API in a HTTP header key. There is also the memberid (the unique identity of a device on Appogram network) as a key in the HTTP header of any request to your API.

The Authentication token key:

Request.Headers.Authorization
‚Äč
authorization.Scheme : "Bearer"