Amazon WAF mobile application integration - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon WAF mobile application integration

You can use the Amazon WAF mobile SDKs to implement Amazon WAF intelligent threat integration SDKs for Android and iOS mobile applications.

  • For Android mobile apps, the Amazon WAF SDKs work for Android API version 23 (Android version 6) and later. For information about Android versions, see SDK Platform release notes.

  • For iOS mobile apps, Amazon WAF SDKs work for iOS version 13 and later. For information about iOS versions, see iOS & iPadOS Release Notes.

With the mobile SDK, you can manage token authorization, and include the tokens in the requests that you send to your protected resources. By using the SDKs, you ensure that these remote procedure calls by your client contain a valid token. Additionally, when this integration is in place on your application's pages, you can implement mitigating rules in your web ACL, such as blocking requests that don't contain a valid token.

For access to the mobile SDKs, contact support at Contact Amazon.


The Amazon WAF mobile SDKs aren't available for CAPTCHA customization.

The basic approach for using the SDK is to create a token provider using a configuration object, then to use the token provider to retrieve tokens from Amazon WAF. By default, the token provider includes the retrieved tokens in your web requests to your protected resource.

The following is a partial listing of an SDK implementation, which shows the main components. For more detailed examples, see Writing your code for the Amazon WAF mobile SDK.

let url: URL = URL(string: "Web ACL integration URL")! let configuration = WAFConfiguration(applicationIntegrationUrl: url, domainName: "Domain name") let tokenProvider = WAFTokenProvider(configuration) let token = tokenProvider.getToken()
URL applicationIntegrationURL = new URL("Web ACL integration URL"); String domainName = "Domain name"; WAFConfiguration configuration = WAFConfiguration.builder().applicationIntegrationURL(applicationIntegrationURL).domainName(domainName).build(); WAFTokenProvider tokenProvider = new WAFTokenProvider(Application context, configuration); WAFToken token = tokenProvider.getToken();