All Products
Search
Document Center

Overview and preparation

Last Updated: Sep 23, 2021

Overview

Reinforcement of mobile applications can be implemented by calling the Mobile Security Armor (MSA) API. The API connects the server on the user side to the server of the mobile PaaS (mPaaS).

Processes

The following processes shows the calls to operations of the MSA API:

  1. Obtain the token uploaded to OSS.
  2. Upload the APK or AAB to OSS.
  3. Notify Mobile Security Armor (MSA) of the uploaded APK or AAB.
  4. Query the upload result by initiating a polling task, to obtain the ID of the reinforcement task.
  5. Instruct MSA to start reinforcement.
  6. Query the reinforcement result by initiating a polling task, to obtain the URL of the reinforced application.
  7. Download the reinforced package.

Limits

To prevent overuse of the API from affecting the operating of applications, the API adopts a rate limiting and throttling mechanism for calls. The following content describes the specific mechanism:

  • The MSA API adopts a single-instance rate limiting and throttling mechanism. The mechanism is implemented based on the appId and workspaceId fields.
  • MSA provides two devices to receive API requests, which are then forwarded by using Server Load Balancer (SLB).
  • In a single MSA instance, the API operation for uploading application packages can be called up to 10 times per minute, that is, once every 6 seconds. The remaining operations can be called up to 600 times per minute, that is, once every 0.1 seconds.

Preparations

Before you call the API, you must obtain the AccessKey pair, application ID, workspace ID, and tenant ID and configure Maven dependencies and configure file upload.

Obtain the AccessKey pair

An AccessKey pair includes an AccessKey ID and an AccessKey Secret. For more information about how to obtain an AccessKey pair, see Obtain an AccessKey pair.

  • AccessKey ID: identifies a user.
  • AccessKey Secret: authenticates the user. Keep the secret confidential.

Obtain the application ID, workspace ID, and tenant ID

  1. Log on to the mPaaS console and open the application.
  2. On the Overview page, click Code Configuration (Select Android or iOS as needed) > Download Configuration File > Download Now. The Code Configuration panel slides out from the right side. You can view the application ID, workspace ID, and tenant ID on the panel.

Configure Maven dependencies

Before you call the API, you must configure Maven dependencies. The following codes show sample configurations.

  1. <dependency>
  2. <groupId>com.aliyun</groupId>
  3. <artifactId>aliyun-java-sdk-mpaas</artifactId>
  4. <version>3.0.3</version>
  5. </dependency>
  6. <dependency>
  7. <groupId>com.aliyun</groupId>
  8. <artifactId>aliyun-java-sdk-core</artifactId>
  9. <optional>true</optional>
  10. <version>[4.3.2,5.0.0)</version>
  11. </dependency>

Configure file upload

File streams are not allowed in all API operations. Therefore, to upload a file, you must invoke an upload tool to upload the file to OSS. Then, you must pass the returned OSS address as a parameter to the specified API.

To download the related file upload tool, download OssPostObject.java.zip.

Examples

For more information about the sample codes of the processed, see mpaas-msa-client.zip.