Android React Native - Device Intelligence
December 22nd, 2022
Device Fingerprinting helps you understand your user’s unique hardware with their device data. It efficiently syncs the data in the background, processes them and the data processed can be used to generate a fingerprint id.
Integration Overview
- Integrate Android SDK in your application
- Call the API to query device information
- SessionKey and UserID is generated from client backend and sent to the SDK.
- Invoke the submit function in SDK to pass the data to Bureau backend.
- Upon successful transmission of the parameters, a callback is received in the SDK, based on the callback (Success/Failure) next steps can be taken.
- If the callback is successful, Invoke Bureau's backend API
/v1/suppliers/device-fingerprint
to fetch the results. - Use the fingerprint and risk signals to allow, block or redirect the user to a desired flow.
Integration Demo
Note : For demo purposes we are generating the fingerprint in the SDK but as a best practice we recommend you to generate if from your backend and pass it to the SDK
Usage
Install the package
npm install react-native-fingerprint-bureau
or
yarn add react-native-fingerprint-bureau
Initialise the SDK
import {
initialize_fingerprint_sdk,
submitFingerPrintData,
} from 'react-native-fingerprint-bureau';
React.useEffect(() => {
initialize_fingerprint_sdk(
'client_id'
'environment',
);
}, []);
Submit the data
The DataCallback added in the Submit function returns whether the device data has been registered or not.
onPress={() => {
submitFingerPrintData(session_id, user_id, flow)
.then(res => {
// Save in State
console.log('FINGERPRINT', res);
})
.catch(e => console.log('FINGERPRINT', e));
}}
Parameter Description
Key | Description | Mandatory/Optional |
---|---|---|
client_id | The client id shared by Bureau. | Mandatory |
environment | Environment in which SDK is being used. Possible values 'sandbox' or 'production'. | Mandatory |
session_id | Identifier to track a session, note we recommend you to generate it from your backend. This has to be unique for every request. | Mandatory |
user_id | Identifier for a user, can be internal customer ID. | Mandatory |
flow | Flow in which the SDK is being invoked, can be login signup, deposit, withdrawal, no restrictions. | Optional |
Serverside URL's
- Sandbox - https://api.overwatch.stg.bureau.id/v1/suppliers/device-fingerprint
- Production - https://api.overwatch.bureau.id/v1/suppliers/device-fingerprint
Server side call to get the details
url --location --request POST 'https://api.overwatch.bureau.id/v1/suppliers/device-fingerprint' \
--header 'Authorization: Basic MzNiNxxxx2ItZGU2M==' \
--header 'Content-Type: application/json' \
--data-raw '{
"sessionKey": "697bb2d6-xxxx-487f-xxxx-548d6a809360"
}'
Response
{
"GPSLocation": {
"city": "Ahmedabad",
"country": "IN",
"latitude": 23.03499984741211,
"longitude": 72.56400299072266,
"region": "Gujarat"
},
"IP": "43.242.116.163",
"IPLocation": {
"city": "Ahmedabad",
"country": "IN",
"latitude": 23.03499984741211,
"longitude": 72.56400299072266,
"region": "Gujarat"
},
"IPSecurity": {
"VPN": false,
"isCrawler": false,
"isProxy": false,
"isTor": false,
"threatLevel": "low"
},
"IPType": "v4",
"OS": "android",
"VPN": null,
"conditionsEvaluationStatus": true,
"debuggable": true,
"emulator": true,
"error": null,
"fingerprint": "ce53c2cd-xxxx-40c3-xxxx-41400751a07e",
"firstSeenDays": 11,
"isAppCloned": false,
"isAppTampered": false,
"mockgps": false,
"model": "sdk_gphone64_arm64",
"package": "com.rxxxo.app.staging",
"riskLevel": "HIGH",
"rooted": false,
"status": "OK",
"totalUniqueUserId": 3,
"userId": "9xxxx6x4"
}
}
{
"data": null,
"errors": {
"status": 401,
"errorCode": "UNAUTHORIZED",
"service": "Overwatch"
},
"message": "",
"meta": {
"length": 0,
"took": 0,
"total": 0
}
}
{
"error": {
"code": 0,
"description": "",
"message": "Server encountered an error",
"metadata": null,
"referenceId": "86529a18-a5cb-4da9-91b0-8d04cdb9167e",
"type": "INTERNAL_SERVER_ERROR"
},
"merchantId": "auth0|61dfxxxx0071be7021",
"requestId": "c69d86f0-xxxx-4ef0-xxxx-e687d595a507",
"statusCode": 500,
"timestamp": 1657009043753
}
{
"error": {
"code": 422,
"description": "Failed to find fingerprint for given session key",
"message": "NO_RECORD_FOUND",
"metadata": null,
"referenceId": "",
"type": "NO_RECORD_FOUND"
},
"merchantId": "auth0|61dfbbxxxx420071be7021",
"requestId": "24e1aa7f-xxxx-404d-xxxx-5f8a0227e8f0",
"statusCode": 422,
"timestamp": 1658402132141
}
{
"statusCode": 400,
"error": {
"code": 0,
"type": "BAD_REQUEST",
"message": "Session key is missing",
"description": "request does not contain additionalData.sessionKey param in request",
"referenceId": "24f94ae8-xxxx-48a4-xxxx-b25f99fb06d9",
"metadata": null
},
"timestamp": 1658402143450,
"merchantId": "auth0|61dfbbxxxx3420071be7021",
"requestId": "66403193-xxxx-44bc-xxxx-14735a45dfeb"
}
Response Description
Key | Description |
---|---|
GPSLocation(city, country, latitude, longitude, region) | GPS Based location of the user, user's consent is required to be taken to get this details. |
IPLocation(city, country, latitude, longitude, region) | IP based location of the user. |
IP | IP address of the user. |
VPN | Flag to indicate if the IP being used by the user is a VPN. (Note the VPN within the IPSecurity JSON object should be used and not the one outside. |
isCrawler | Flag to indicate if the IP being used by the user is associated with a crawler. |
isProxy | Flag to indicate if the IP being used by the user is a proxy. |
isTor | Flag to indicate if the IP being used by the user is of a Tor network. |
threatLevel | The threat level associated with the IP. Possible values can be ["low", "medium", "high"] |
IPType | The type of IP, ["v4", "v6"] |
OS | The OS of the user's device. |
debuggable | Flag to indicate if the app is in debug mode. |
emulator | Flag to indicate if the app is being run on an emulator |
fingerprint | A hash generated for the device, this identifier will be unique for a device. |
firstSeenDays | The number of days from which the device is identified on Bureau's network. |
isAppCloned | Flag to indicate if the app is cloned. |
isAppTampered | Flag to indicate if the app is tampered. |
mockgps | Flag to indicate if the user is spoofing their GPS location. This will need users permission for background location. |
model | The device model. |
package | The package name. |
riskLevel | Risk level of the user, calculated based on the flags that are exposed in the above sections. Possible values ["LOW", "MEDIUM", "HIGH"] |
rooted | Flag to indicate if the device is rooted. |
Go live checklist
- For determining the app tamper check, we would require your package name and signature hash code, kindly ensure this is shared before going live. The hash code can be obtained from PackageManager GET_SIGNING_CERTIFICATES signingInfo.signingCertificateHistory this will be a byte array.