Getting Started

Security Model

How version control, hash approvals, signatures, and replay defense fit together.

Controls You Can Enable

Version control: block unsupported versions, show reminders, or allow temporarily.
Application hash: require approved builds only (prevents unauthorized builds).
IP rules: app IP blacklist/whitelist, plus optional VPN/country blocking (plan-based).
System ID rules: SID whitelist/blacklist per app.
Device enforcement: device limit tracking per user + device auth endpoints.

Security Metadata (v2)

The v2 API supports replay defense and response signing. Your SDK can send metadata like request_id, nonce, and timestamp, and the server can sign responses.

Important

The SDK is responsible for handling this. As an app developer, you usually just enable or disable it in your environment/config.