Integration guidelines
The Risk Management SDK is delivered as a JAR file for the Android platform and as a static .framework for the iOS platform, which can be integrated in your application.
This section contains all the information that the application needs to perform to integrate the SDK into the host application.
Risk Management SDK integration
For simplification, the integration of the SDK is divided into two parts:
Before you start
It is recommended for you to read the following sections that describe the various SDK classes to help understand the SDK entry points.
GAHCore
This class is the entry point to the Risk Management SDK that holds the functionalities of all the APIs.
GAHCore contains the public methods that the application uses to perform the following operations:
- Initialize the SDK.
- Prefetch the signals.
- Set active signal groups.
- Set active Signals.
- Set a transaction as critical.
- Check if signal collection is completed.
- Request prefetch status.
- Request the
visitIDfrom the Risk Management back-end server. - Clear resources.
- Stop prefetching signals.
- Get the SDK version info.
GAHSignalGroupConstants
This class holds the various constants that indicate the available signal groups and signals. It can be used by the application to specify the signals or signal groups to activate.
Basic integration
Basic integration includes the mandatory steps required to integrate the Risk Management SDK with your mobile device.
Perform the following steps in sequential order to use the SDK host application. These steps are illustrated in the form of a Codelab, to help you quickly ramp up your understanding and understand how to integrate the library into your project.
Basic integration Codelab
Follow the instructions in the tutorial to quickly integrate the Risk Management SDK into your project. The instructions in the Codelab involve the following steps:
- Add the Risk Management SDK and TrustDefender dependencies to your project.
- Add permissions.
- Create configuration objects.
- Certificate pinning
- Initialize the Risk Management SDK.
- Start prefetching signals.
- Request the prefetch status.
- Request and process the
visitID. - Clear transaction resources.
- Stop prefetching signals.
Advanced use cases
This section describes the steps to integrate some of the advanced features of Risk Management SDK.
Advanced integration topics include BehavioSec, ThreatMetrix, certificate pinning, and signal customization:
Debug vs. Release builds
Each variant of the Risk Management SDK has two versions: release and debug. It is recommended to use the release version in the production environment.
| Debug build | Release build |
|---|---|
| On Android: The source code is obfuscated with DexGuard. However, the debug logs are available. On iOS: No code obfuscation, debug logs are available. |
On Android: The source code is obfuscated with DexGuard, and the debug logs are not available. On iOS: No code obfuscation, Debug logs are not available. |
| Certificate pinning is optional. | Certificate pinning is Mandatory. |
JSON request to the Risk Engine back-end server is available to the application for verification. That is, calling the GAHCore.getSignalValuesJson() method returns an output for verification. |
JSON request to the Risk Engine back-end server is not available to the application for verification. That is, calling the GAHCore.getSignalValuesJson() method returns an output No data available in Release mode and this is not available for verification. |
| HTTP communication implementation: - TLS is not mandatory. - Self-signed certificate is allowed in cases of TLS usage. - Hostname mismatch is allowed in cases of TLS usage. |
HTTP communication implementation: - TLS connection is mandatory. - Self-signed certificate is rejected. - Hostname mismatch rejected. - Cipher-suite allow-list (only strong ciphers allowed). |
| Debug detection feature is not enabled. | Debug detection feature is enabled. |
Error codes
The following table lists the error codes thrown by the Risk Management SDK.
The application needs to process these error codes and handle the actions to take in erroneous conditions.
| Error code | Description |
|---|---|
| 400 | Bad request sent to Risk Engine back end. This can happen if some mandatory signals are not part of the request to the Risk Engine back end. |
| 403 | Connection to the server is forbidden |
| 100 | Unexpected error while connecting to the Risk Engine back end |
| 102 | Network related permissions are not granted from the application (Android only) |
| 1001 | Invalid JSON response received from the Risk Engine back end |
| 1002 | SSL handshake error while connecting to Risk Engine backend. |
| 1003 | Wrong HTTP method used while making a connection to the Risk Engine back end |
| 1004 | HTTP protocol error while making a connection to the Risk Engine back end |
| 1005 | Invalid URL connection is made |
| 1006 | IO error while connecting to the Risk Engine back end |
| 1008 | Unsupported HTTP connection scheme is used |
| 1009 | Request string is null while attempting URL connection |
| 10011 | Invalid data type during signal collection in Risk Management |
| 10013 | TLS connection failed while making a connection to the Risk Engine back end |
| 10014 | No valid SSL certificates are passed from the application |
| 2101 | Prefetching of signals is partially done |
| 2102 | Prefetching of signals failed |
Troubleshooting
Error code 524: Signal Timeout
This error occurs when the system cannot return a signal within a preconfigured timeout. The signal in the JSON string contains error code 524 and a status message Signal Timeout. The default timeout is set to 2000 ms. To increase the timeout properly, call the setSignalCollectionGlobalTimeout(int timeout) method.
