Minimum Requirements

SDK Minimum Version 21
Kotlin Minimum Version: 1.8.22
Java Minimum Version: 17
iOS Minimum Version: 13
AndroidX

Android Changes

The XML below is a representation of the permissions required. Please refer to the table below.

  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-permission android:name="android.permission.USE_BIOMETRIC" />
  <uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> //OPTIONAL
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-feature android:name="android.hardware.location.gps" />
  <uses-feature android:name="android.hardware.location" />

PERMISSION	USAGE STATUS
USE_BIOMETRIC	REQUIRED
READ_GSERVICES	REQUIRED
ACCESS_WIFI_STATE	REQUIRED
ACCESS_NETWORK_STATE	REQUIRED
ACCESS_COARSE_LOCATION	REQUIRED
ACCESS_FINE_LOCATION	OPTIONAL

iOS Changes

Make the below changes to Info.plist


//App would like to access IDFA for tracking purpose
<key>NSUserTrackingUsageDescription</key>
<string></string>

Integration Steps

At its core, the solution functions through three straightforward steps:

Start by installing Device Intelligence SDK with mobile application.
Initialize the SDK - this enables us to gather user and device data. We will then thoroughly analyze and enhance the collected data in the background.
You can then utilize our API to access insights, aiding you in deciding the subsequent actions for your user, whether it's permitting, obstructing, or redirecting them.

Flow Diagram

This diagram shows the interactions between a merchant's mobile app and Bureau's SDK.

sessionKey and userid are generated / retrieved by the client backend and sent to your application
Your mobile application initialises our SDK through the init function by setting these attributes -
1. Session ID (mandatory unique UUID)
2. User ID (optional)
3. Flow (optional)
Invoke the submit function in SDK to pass the data to Bureau backend.
Upon successful submission of the parameters, a callback is received in the SDK. The next steps can be taken based on the callback (success/failure).
If the callback is successful, your mobile application relays the success to your backend
Invoke Bureau's backend API /v1/suppliers/device-fingerprint to fetch insights
1. Input :sessionId
Based on the insights provided (fingerprint, and risk signals), you can determine the next steps for the user, such as allowing, blocking, or redirecting them.

Step 1 - SDK Installation

Version Recommendation
Install onetaplogin 1.1.9 as a [dependency in your pubspec.yaml file] Use this version if you have disclosed the need to collect package names via "QUERY_ALL_PACKAGES" in your privacy policy for fraud signal detection
Install onetaplogin: 1.3.3 Use this version if you DO NOT want to collect package names via "QUERY_ALL_PACKAGES" for fraud signal detection.

Version	Recommendation
Install onetaplogin 1.1.9 as a [dependency in your pubspec.yaml file]	Use this version if you have disclosed the need to collect package names via "QUERY_ALL_PACKAGES" in your privacy policy for fraud signal detection
Install onetaplogin: 1.3.3	Use this version if you DO NOT want to collect package names via "QUERY_ALL_PACKAGES" for fraud signal detection.

Step 2 - Initialise SDK

On Production

// Import package
import 'package:onetaplogin/onetaplogin.dart';


// To use Device Intelligence  
String status = await Onetaplogin.submitDeviceIntelligence(         //Here the status returned is a string and contains the finger print sdk's success or failure message
          clientID,
          sessionId,
          userId);

On Sandbox

// Import package
import 'package:onetaplogin/onetaplogin.dart';
	  
String status = await Onetaplogin.submitDeviceIntelligence(                       //Here the status returned is a string and contains the finger print sdk's success or failure message
          clientID,
          sessionId,
          userId, env : "Sandbox");

The status object for submitDeviceIntelligence and authenticateWithDeviceIntelligence methods would be a Bureau's own custom class that has the following properties.

isSuccess boolean to check the success of deviceintelligence.
errorMessage and errorCode to pinpoint errors in the case isSuccess is false and empty for true cases.

Android outer level build.gradle changes

buildscript {
  repositories {
    maven {
      url = uri("https://storage.googleapis.com/r8-releases/raw")
    }
  }
  dependencies {
    classpath("com.android.tools:r8:8.2.24")
  }
}

Android Manifest changes (Only for Device Intelligence)

PERMISSION	USAGE STATUS
USE_BIOMETRIC	REQUIRED
READ_GSERVICES	REQUIRED
ACCESS_WIFI_STATE	REQUIRED
ACCESS_NETWORK_STATE	REQUIRED
ACCESS_COARSE_LOCATION	REQUIRED
ACCESS_FINE_LOCATION	OPTIONAL

iOS Changes

Make the below changes to Info.plist


//App would like to access IDFA for tracking purpose
<key>NSUserTrackingUsageDescription</key>
<string></string>

Step 3 - Invoke API for Insights

To access insights from users and devices, including device fingerprint, and risk signals, integrating with Bureau's backend API for Device Intelligence insights.

Sample Request and Response

Below is a sample request and response for our Device Intelligence API. Refer to our Device Intelligence API documentation for more details.

Contact our support team at [email protected] to get your API keys and the production endpoint for the API.

curl --location --request POST 'https://api.sandbox.bureau.id/v1/suppliers/device-fingerprint' \
--header 'Authorization: Basic MzNiNxxxx2ItZGU2M==' \
--header 'Content-Type: application/json' \
--data-raw '{
    "sessionKey": "697bb2d6-1111-1111-1111-548d6a809360"
}'

{
  "GPSLocation": {
    "city": "",
    "country": "",
    "latitude": 0,
    "longitude": 0,
    "region": ""
  },
  "IP": "106.51.82.180",
  "IPLocation": {
    "city": "Bengaluru",
    "country": "India",
    "latitude": 12.976229667663574,
    "longitude": 77.60328674316406,
    "region": "Karnataka"
  },
  "IPSecurity": {
    "VPN": false,
    "isCrawler": false,
    "isProxy": false,
    "isTor": false,
    "threatLevel": "LOW"
  },
  "IPType": "v4",
  "OS": "android",
  "accessibilityEnabled": false,
  "adbEnabled": false,
  "behaviouralRiskLevel": "UNKNOWN",
  "confidenceScore": 100,
  "createdAt": 1712573578096,
  "debuggable": false,
  "developerMode": false,
  "deviceRiskLevel": "MEDIUM",
  "deviceRiskScore": 25.56,
  "emulator": false,
  "factoryResetRisk": "LOW",
  "factoryResetTime": null,
  "fingerprint": "6db7755c-1232-4f9d-ae1e-52bd952fac68",
  "firstSeenDays": 9,
  "googlePlayStoreInstall": true,
  "isAppCloned": true,
  "isAppTampered": null,
  "isDebuggingEnabled": false,
  "isOEMUnlockAllowed": false,
  "isSimPresent": true,
  "merchantId": "org_4KRtr8n6xKTsONjo",
  "mitmAttackDetected": false,
  "mockgps": false,
  "model": "A063",
  "networkInformation": {
    "ipType": "HOME",
    "isp": "Atria Convergence Technologies Pvt. Ltd."
  },
  "package": "id.bureau.sdkdemo",
  "remoteDesktop": false,
  "requestId": "26de630a-c4c2-451f-8718-b7df6a1f786b",
  "riskCauses": [
    "IS_APP_CLONED"
  ],
  "riskLevel": "MEDIUM",
  "riskScore": 25.56,
  "rooted": false,
  "sessionId": "3ad55d53-08be-46d5-8103-a8d0b570d6f5",
  "statusCode": 200,
  "timestamp": 1713427153595,
  "totalUniqueUserId": 5,
  "userId": "dhruvMultiple",
  "voiceCallDetected": false
}