SDK Authentication

To enable secure and seamless data transactions, users must generate an authentication token that safeguards all the API calls. This section will explain the procedure to generate SDK authentication tokens while integrating Fusion SDK. The token generation process involves generating and configuring the key-pair. The private key of the key-pair is responsible for signing the authentication token.

About Maven repository

A Maven repository holds the build artifacts and dependencies of the application. This repository is usually present on a local computer where the application resides or in a remote server that can be accessed by internet protocols. The local and remote repositories are usually structured in a similar way so that scripts can run on either side, or they can be synced offline. The layout of the repositories is completely transparent to any Maven user

Dependencies

The following prerequisites have to be taken care of before you create SDK authentication tokens.s:

1. Add the following Maven repository URLs in the POM file of your project.

Maven repositories

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

    <project>
    ...
      <repositories>
      <repository>
      <id>apollo-maven</id>
    <name>Apollo maven</name>
      <url>http://172.16.64.117:8081/nexus/content/repositories/releases/'</url>
    <username>my_login</username>
      <password>my_password</password>
    </repository>
      <repository>
    <id>apollo-maven-snapshots</id>
    <name>Apollo maven snapshot</name>
    <url>http://172.16.64.117:8081/nexus/content/repositories/snapshots/'</url>
    <username>my_login</username>
    <password>my_password</password>
    </repository>
    </repositories>
    ...
    </project> 

Use the same credentials, as shared for the Android SDK’s Maven repository, to access the Maven repository.

2. Add the following dependencies in your project.

Dependencies

1
2
3

  <groupId>in.zeta.apollo</groupId>
  <artifactId>tenant-commons</artifactId>
  <version>1.1</version> 

3. Ensure that you receive the private key along with a token generation logic.

Generating the authentication token

The authentication token must be generated on the server-side as it involves digitally signing the data with a private key. The token is generated and passed on to the SDK during runtime.

Prerequisites

Before generating the authentication tokens, we recommend you take note of the following checklists.

• Keep the private key confidential.

• To ensure hassle-free generation of authentication tokens, update the token during every app launch.

• Make sure your application logic sends only the non-expired tokens while requesting authentication.

JWT token generation

Use the following logic on your application to request for an authentication token.

1
2
3
4
5
6

  String jwtToken = AsymmetricJwtTokenGenerator.generateJWT(
                   <<issuerId>>,
                   <<base64EncodedPrivateKey>>,
                   <<algorithm>>,
                   <<claims>>,
                   <<expiryEpochTimeInMilliseconds>>);

Parameter description

• issuerID: Unique identifier of the issuer. An issuer can be a business entity or an organization.

• base64EncodedPrivatekey: A private key generated during the SDK authentication process. It is used to digitally sign the transmitted data while creating the authentication token.

• algorithm: Algorithm used for key-value pair generation. Currently, we support EC algorithms.

• expiryEpochTimeInMilliseconds: Expiration time of the token mentioned as an epoch time in milliseconds.

• claims: Claims are statements based on declarations made by the tenant in the authentication token. You can add the claims in the SDK integration with Object type Map<String, Object>.

Sample Map for claims

1
2
3

  {
     'tenantUniqueVectorId': '<unique identifier for the app user>'
  } 

• tenantUniqueVectorId: Unique identifier of the tenantUniqueVector generated by the tenant. This unique ID and the signature are verified while generating the authentication tokens.