To secure an application, a request to establish a communication session with a client is received from the application, at a server. The server sends the request to establish the communication session to the client. The request to establish the communication session generates a request for a user to approve the application. If the request is approved, a client token is received. A certificate with a public key and a private key is created and the public key is sent to the application. An application token that is encrypted using the public key is received from the application. The application token is unencrypted using the private key and compared to the client token. In response to the unencrypted application token matching the client token, an approval message is sent to the client to establish the communication session. The application can then establish a secure communication session with the client.