I read all kinds of posts and articles about SSL pinning in React Native. However, all of those are about a privately owned domain for which we generate the certificate.

But if my API is hosted on Heroku, how can I manage SSL pinning?

Ideally, I would like to pin on the hashed public key so it's easier to manage the rotation without having to release a new version. But I have no clue how to deal with this with Heroku, with my API being hosted at myapp.herokyapp.com for example.

Also, if I suddenly add SSL pinning for my Heroku, will it affect all my previous users in the current mobile version that are currently hitting on this same API? I wouldn't want existing users to have all their requests failing.

Any help would be appreciated, thank you!

Gigalink
  • Hey, how far have you gone with this issue? Can we sync and look at it in depth? I am also trying to implement SSL pinning. – ghkatende Nov 10 '22 at 06:59
  • Unfortunately I had to abandon it considering how complex it was on an existing infrastructure. I went to add an additional layer of security to my API through captcha instead. – Gigalink Nov 10 '22 at 10:40
  • Hello, okay, thanks for the reply. I am actually using Network Security Configuration for Android and TrustKit for iOS, just in case you would like to use it. – ghkatende Nov 13 '22 at 15:46

0 Answers
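The public-key-hash pinning the question describes, shown as an added example that is not part of the original post or of any library's API: a pin is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo, and shipping a backup pin is what lets the server key rotate without a new app release. The key pairs are generated locally as constructed stand-ins for real certificate keys, and the function names (`spkiPin`, `newSpki`, `chainMatchesPins`, `runScenarios`) are hypothetical.

```javascript
// Added example: SPKI-hash pinning with a backup pin (Node.js, runs offline).
// All keys below are constructed sample data, not real Heroku certificate keys.
const { createHash, generateKeyPairSync } = require('crypto');

// A pin is base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
function spkiPin(spkiDer) {
  return createHash('sha256').update(spkiDer).digest('base64');
}

// Constructed stand-in for "the public key inside a certificate".
function newSpki() {
  const { publicKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return publicKey.export({ type: 'spki', format: 'der' });
}

// Accept the connection if ANY key in the presented chain matches ANY pin.
function chainMatchesPins(chainSpkis, pinSet) {
  return chainSpkis.some((spki) => pinSet.has(spkiPin(spki)));
}

function runScenarios() {
  const currentKey = newSpki();   // key in today's leaf certificate
  const backupKey = newSpki();    // generated ahead of time, not yet deployed
  const unknownKey = newSpki();   // a key the app build was never told about
  const intermediate = newSpki(); // unpinned CA key higher in the chain

  // Pins shipped inside the app build: the current key plus one backup.
  const pins = new Set([spkiPin(currentKey), spkiPin(backupKey)]);

  return {
    // Certificate renewed with the same key pair: SPKI bytes are unchanged.
    renewedSameKey: chainMatchesPins([currentKey, intermediate], pins),
    // Server rotated to the backup key: still accepted by this app build.
    rotatedToBackup: chainMatchesPins([backupKey, intermediate], pins),
    // Server presents a key outside the pin set: the connection is rejected.
    rotatedToUnknown: chainMatchesPins([unknownKey, intermediate], pins),
    pinLength: spkiPin(currentKey).length,
  };
}

console.log(runScenarios());
```

The check runs only in app builds that contain the pin set, so a build without pins keeps validating certificates through the platform's default trust store.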