Integration of the OneSpan Threat View Client SDK

To integrate the Client SDK and use OneSpan Threat View, the following integration steps are necessary:

• Establish the communication between the Threat View server- and client sides

• Integrate the Client SDK with your mobile apps

Establish communication

Server

To integrate the APP_KEY

1. In the simulator/.env file of the product package (evaluation package), replace the SECRET_DATA_COLLECTOR_APP_KEY value with the key you generated.

2. Hash the key with SHA-256.

3. In the threat-view/.env file of the product package (evaluation package), replace the SECRET_DATA_COLLECTOR_APP_KEY value with the hash value generated in the previous step.

4. Restart the services.

Android

To integrate the APP_KEY

• Generate the APP_KEY with the algorithm of your choice.

  We recommend a minimum of 128 bits of entropy.

• Integrate the this key with the Client SDK via the Gradle Plugin. For example:

  insights {
      networkConfig {
          baseUrl = "https://your.backend.endpoint"
          postEventPath = "/collector-events"
          appKey = findProperty("yourAppKey") as? String ?: ""
      }
  }

  In this example, appKey is retrieved dynamically from a Gradle property. This approach provides maximum flexibility for an integration with your preferred secret management strategy. We strongly recommend to not commit the app key in clear text to your version control repository.

iOS

To ensure that the Threat View server-side with the administration interface and the Client SDK communicate correctly, you need to add the following keys to the Information Property List,  Info.plist:

• APP_KEY

  • Unique identifier used to authenticate an application and its access to certain resources or APIs.

• BASE_URL

  • URL of the server where you have deployed the Threat View web component.

• POST_EVENT_PATH

  • Web service used to communicate the events to the server. By default, this is the Collectore Events service.

The APP_KEY is a random UUID value is created by OneSpan. It needs to be used inside the mobile app when initializing Threat View Client SDK. Every single call to the Threat View back end will have this APP_KEY in a header value. The Threat View back end stores a hashed version of this UUID in a database and uses it to authenticate the call from the Client SDK. The default value for the APP_KEY is 0b5b52c0-7fc5-48af-9be4-f747812592ff

Integrate the Threat View Client SDK in an Android mobile application

To use the OneSpan Threat View Client SDK for Android applications

1. Add the SDK Maven dependency: import it via the local maven repository included in the Threat View Client SDK product package.

2. Declare the following permissions in your AndroidManifest.xml:

   <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
   <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
   <uses-permission android:name="android.permission.INTERNET" />

   These permissions are required to enable geolocation, network communication, and security signals collection.

   It is mandatory to ask the user for granting permission to access their location at runtime. However, under certain conditions, geolocation data usage may be subject to the General Data Protection Regulation (GDPR) of the European Union. For more information about the GDPR, see Geolocation data and GDPR Compliance; for more information about about granting apps geolocation permissions, refer to the Android Developer Documentation.

3. Apply the Gradle Plugin and configure it.

4. Initialize the SDK.

For more details on the integration steps, refer to the technical documentation included in the product package: integration.md.

Integrate the Threat View Client SDK in an iOS mobile application

This project has been written in Swift. To use this framework with pure Objective-C projects, you need to add a Swift file and create the bridging header file. For more information about  this, refer to the Apple Developer documentation.

You are now ready to use the OneSpan Threat View Client SDK.