This topic describes how to integrate the Anti-Bot SDK into iOS apps. In this topic, the Anti-Bot SDK is referred to as the SDK. Before you can enable the app protection feature for your iOS apps, you must integrate the SDK into your iOS apps.


Your iOS apps must use iOS 9.0 or later. If the iOS version is earlier than 9.0, the SDK cannot work as expected.


  • The app protection feature is purchased and enabled.

    For more information, see Procedure to enable app protection.

  • The SDK for iOS apps is obtained.

    After you enable the app protection feature, you can contact technical support in the DingTalk service group to obtain the SDK. You can also submit a ticket to obtain the SDK.

    The SDK has two versions: Identifier for Advertising (IDFA) version and non-IDFA version. The following SDK files are provided for the two versions:
    • AliTigerTally_IDFA.framework
    • AliTigerTally_NOIDFA.framework

    If your iOS project uses IDFA, we recommend that you integrate the SDK of the IDFA version into your iOS apps. If your iOS project does not use IDFA, we recommend that you integrate the SDK of the NOIDFA version into your iOS apps.

  • The SDK authentication key, namely the app key, is obtained.
    To obtain the app key, log on to the Web Application Firewall console and choose Protection Settings > Website Protection. On the Bot Management tab of the Website Protection page, turn on App Protection and click Obtain and Copy Appkey. The SDK authentication key is used to send SDK initialization requests. The key must be included in the integration code.
    Note Each Alibaba Cloud account has a uniqueapp key, which can be used for all the domain names in your WAF instance. You can use the app key, regardless of whether you integrate the SDK into Android apps or iOS apps.
    App Protection
    Authentication key example:

Background information

The SDK is used to sign requests that are sent by apps. Web Application Firewall (WAF) verifies the signatures in the requests to identify risks in app services and block malicious requests.

(Optional) Create a test iOS project

You can integrate the SDK into a real iOS project. You can also integrate the SDK into a test iOS project to familiarize yourself with the integration operations before you integrate the SDK into a real iOS project.

In this example, use Xcode to create a test iOS project.

The following figure shows a test project named TigerTally_sdk_test. Test project


  1. Use Xcode to open the test iOS project and enter the file directory.
  2. Copy the SDK to the project.
  3. Add dependency libraries to the project.
    Dependency library Non-IDFA version IDFA version
    libc++.tbd Required Required
    CoreTelephony.framework Required Required
    libresolv.9.tbd Required Required
    AdSupport.framework Not required Required
  4. Open Build Settings and add -ObjC to the Other Linker Flags option.
  5. Add the integration code.
    1. Add a header file to the source file into which you want to integrate the SDK.
      Sample code:
      • Objective-C
        // Non-IDFA version 
        #import <AliTigerTally_NOIDFA/AliTigerTally.h> 
        // IDFA version 
        #import <AliTigerTally_IDFA/AliTigerTally.h>
      • Swift
        // Create a header file. 
        #ifndef TigerTally_sdk_Swift_h
        #define TigerTally_sdk_Swift_h
        // Non-IDFA version 
        #import <AliTigerTally_NOIDFA/AliTigerTally.h> 
        // IDFA version 
        #import <AliTigerTally_IDFA/AliTigerTally.h>
        #endif /* TigerTally_sdk_Swift_h */

        You must add the header file that you create to the Objective-C Bridging Header option in Build Settings.

    2. Specify a user ID.

      Description: specifies a user ID that is included in requests. This way, you can configure WAF protection policies in a more efficient manner.

      Parameter: <account>, which specifies the user ID. Data type: NSString*. We recommend that you enter a masked user ID.

      Return value: none.

      Sample code:
      • Objective-C
        // testAccount is an example of the user ID. 
        // If the logon user is a guest, you do not need to call this function. You can directly call the initialization function. 
        [[AliTigerTally sharedInstance] setAccount:@"testAccount"]; 
      • Swift
        // testAccount is an example of the user ID. 
        // If the logon user is a guest, you do not need to call this function. You can directly call the initialization function. 
    3. Initialize the SDK.

      Description: initializes the SDK and performs one-time information collection. One-time information collection allows you to collect terminal information for one time. If you want to collect terminal information again, call the initialize function again.

      Parameter: <appKey>, which specifies the SDK authentication key. Data type: NSString*.

      Return value: A value that indicates whether the initialization is successful. Data type: Boolean. The value true indicates that the initialization is successful. The value false indicates that the initialization failed.

      Sample code:
      • Objective-C
        NSString *appKey=@"****OpKLvM6zliu6KopyHIhmneb_****u4ekci2W8i6F9vrgpEezqAzEzj2ANrVUhvAXMwYzgY_****vc51aEQlRovkRoUhRlVsf4IzO9dZp6nN_****Wz8pk2TDLuMo4pVIQvGaxH3vrsnSQiK****";
        if([[AliTigerTally sharedInstance]initialize:appKey]){
            NSLog(@"The initialization is successful.");
             NSLog(@"The initialization failed.");
      • Swift
        let binit = AliTigerTally.sharedInstance().initialize("****OpKLvM6zliu6KopyHIhmneb_****u4ekci2W8i6F9vrgpEezqAzEzj2ANrVUhvAXMwYzgY_****vc51aEQlRovkRoUhRlVsf4IzO9dZp6nN_****Wz8pk2TDLuMo4pVIQvGaxH3vrsnSQiK****")
            NSLog("The initialization is successful.");
            NSLog("The initialization failed.");
    4. Sign requests.

      Description: signs the input data and returns the signature string.

      Parameter: <inputBody>, which specifies the data to sign. Data type: NSData*.

      Valid values:
      • Return value in normal scenarios: A signature string is returned. Data type: NSString*.
      • Return value in abnormal scenarios:
        Return value Description Solution
        you must call initialize The initialize function is not called. Call the initialize function to initialize the SDK. Then, call the vmpSign function.
        you must input body The data to sign is not specified. When you call the vmpSign function, configure the <inputBody> parameter to specify data to sign.
        NULL The initialization is not complete, and data failed to be signed. Call the vmpSign function again.

        If this issue repeatedly occurs, contact technical support in the DingTalk service group. You can also submit a ticket to contact technical support.

      Sample code:
      Note In the following sample code, the signature string is defined as wToken.
      • Objective-C
        if(![[AliTigerTally sharedInstance]initialize:@"****OpKLvM6zliu6KopyHIhmneb_****u4ekci2W8i6F9vrgpEezqAzEzj2ANrVUhvAXMwYzgY_****vc51aEQlRovkRoUhRlVsf4IzO9dZp6nN_****Wz8pk2TDLuMo4pVIQvGaxH3vrsnSQiK****"])
                NSLog(@"The initialization failed.");
        NSString *signBody =@"hello";
        NSString *wToken= [[AliTigerTally sharedInstance] vmpSign:[signBody dataUsingEncoding:NSUTF8StringEncoding]];
        NSLog(@"wToken== %@",wToken);
      • Swift
            NSLog("The initialization failed.");
        let signBody = "hello"
        var token = AliTigerTally.sharedInstance().vmpSign(signData)
    5. Add the signature string to the protocol headers and send requests to the server of your iOS apps.

      The signature string is submitted to the server in business-critical events, such as client logon request events. WAF receives requests that are destined for the server, parses the signature string wToken to identify and block malicious requests and forward normal requests to the server.

      Sample code:
      • Objective-C
        NSURL * url = [NSURL URLWithString:@"https://xxxxxx/test?id=123"];
        NSMutableURLRequest *request=[NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10];
        [request setValue: wToken forHTTPHeaderField: @"wToken"];
        request.HTTPBody=[signBody dataUsingEncoding:NSUTF8StringEncoding];
        NSURLSessionDataTask *dataTask = [[NSURLSession sharedSession] dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
                NSLog(@"The data failed to be sent.%@", error);
                NSLog(@"The data is sent.");
        [dataTask resume];
      • Swift
        guard let url = URL(string: "https://xxxxxx/test?id=123") else { return }
        var request = URLRequest(url: url)
        request.httpMethod = "POST"
        request.addValue(token, forHTTPHeaderField: "wToken")
        let session = URLSession.shared
        session.dataTask(with: request) { (data, response, error) in
            if let data = data {
                do {
                } catch {