Skip to content

Latest commit

 

History

History
276 lines (200 loc) · 17.1 KB

README.md

File metadata and controls

276 lines (200 loc) · 17.1 KB

Header Graphic

Version License Platform Maven API Level

Table of Contents

Overview

The Jumio Software Development Kit (SDK) provides you with a set of tools and UIs (default or custom) to develop an Android application perfectly fitted to your specific needs.

Onboard new users and easily verify their digital identities by making sure the IDs they provide are valid and authentic. Extract data from ID documents completely automatically and within seconds. Confirm that users really are who they say they are by having them take a quick selfie and match it to their respective documents. Jumio uses cutting-edge biometric technology such as 3D face mapping to make sure there is an actual, real-life person in front of the screen.

SDK Overview

Using the Jumio SDK will allow you to create the best possible solution for your individual needs, providing you with a range of different services to choose from.


Get Started

Please note that basic setup is required before continuing with the integration of any of the following services.

Jumio SDK Integration

Jumio KYX platform and related services are a secure and easy solution that allows you to establish the genuine identity of your users in your mobile application, by verifying their passports, government-issued IDs and actual liveness in real-time. Very user-friendly and highly customizable, it makes onboarding new customers quick and simple.

➡️  SDK INTEGRATION GUIDE
➡️  Changelog
➡️  Transition Guide

Previous SDK Versions

If you need information on older SDK versions, please refer to:


Quickstart

This section provides a quick overview on how to get started with the Android sample application that can be found here on Github. You will need a commercial Jumio License to successfully run any of our examples; for details, contact [email protected]. You will also need an up-to-date Android Studio version to open and try out the sample project.

Start by downloading the Android sample application from the Jumio Github repo. You can either clone the repository (using SSH or HTTPS) to your local device or simply download everything as a ZIP.

Once you’ve got the sample application downloaded and unzipped, open Android Studio. Choose Import project and navigate to where you’ve saved your sample application. Select the JumioMobileSample folder and open it.

Android Studio will now start to import the project. This might take a bit of time. Make sure to wait until the Gradle Build has finished and the application is properly installed!

The Android sample application contains the package com.jumio.sample.kotlin, which consists of:

  • MainActivity
  • customui
    • CustomUIActivity
    • CustomCountryAdapter
    • CustomDocumentAdapter
    • CustomVariantAdapter

Right at the top of the CustomUiActivity you’ll find a companion object with the following empty parameters:

const val EXTRA_TOKEN="sdk_token"
const val EXTRA_DATACENTER="datacenter"

If you haven't done so already, please refer to the Authentication and Encryption section for more details on how to obtain your SDK token. Add your individual SDK token instead of the placeholder. The default setting for the data center is JumioDataCenter.US.

⚠️  Note: We strongly recommend not storing any credentials inside your app! We suggest loading them during runtime from your server-side implementation.

Once you start up the sample application, you'll be given the option of trying out the Jumio SDK. Click the hamburger menu in the top left corner to choose a service. Your application will also need camera permissions, which will be prompted for automatically once you try to start any of the services. If you deny camera permissions, you won't be able to use any of the services.


Basics

General Requirements

⚠️  Android Deprecation Notice
Please be aware that SDK 4.2.0 will be the last SDK version supporting Android 4.4 (API level 19). All subsequent SDK versions will require at least Android 5.0 "Lollipop" (API level 21).

The minimum requirements for the SDK are:

  • Android 4.4 (API level 19) or higher
  • Internet connection
  • Jumio KYX or Jumio API v3

The following architectures are supported in the SDK:

  • ARMv7 processor with Neon
  • ARM64-v8a

ℹ️  Note: Currently, x86 and x86_64 are not supported. You get an UnsatisfiedLinkError if app and CPU architecture do not match or the CPU architecture is not supported.

You will need a commercial Jumio License to run any of our examples. For details, contact [email protected].

Authentication and Encryption

ℹ️  As of version 4.0.0 and onward, the SDK can only be used in combination with Jumio KYX or Jumio API v3. API v2 as well as using API token and secret to authenticate against the SDK will no longer be compatible.

Before starting a session in our SDK, an SDK token has to be obtained. Please refer to out API Guide for further details. To authenticate against the API calls, an OAuth2 access token needs to be retrieved from the Customer Portal.

Within the response of the Account Creation or Account Update API, a SDK token is returned, which needs to be applied to initiate the mobile SDK.

Basic Authentication (Deprecated)

Previously, Basic Auth credentials were constructed using your API token as the User ID and your API secret as the password. You still can manage API token and secret in the Customer Portal under:

  • Settings > API credentials > API Users

Authentication with OAuth2

Your OAuth2 credentials are constructed using your API token as the Client ID and your API secret as the Client secret. You can view and manage your API token and secret in the Customer Portal under:

  • Settings > API credentials > OAuth2 Clients

Client ID and Client secret are used to generate an OAuth2 access token. OAuth2 has to be activated for your account. Contact your Jumio Account Manager for activation.

Access Token URL (OAuth2)

  • US: https://auth.amer-1.jumio.ai/oauth2/token
  • EU: https://auth.emea-1.jumio.ai/oauth2/token
  • SG: https://auth.apac-1.jumio.ai/oauth2/token

The TLS Protocol is required to securely transmit your data, and we strongly recommend using the latest version. For information on cipher suites supported by Jumio during the TLS handshake see supported cipher suites.

ℹ️  Note: Calls with missing, incorrect or suspicious headers or parameter values will result in HTTP status code 400 Bad Request Error or 403 Forbidden.

Request Access Token (OAuth2)

curl --request POST --location 'https://auth.amer-1.jumio.ai/oauth2/token' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-raw 'grant_type=client_credentials' \
    --basic --user CLIENT_ID:CLIENT_SECRET

Response Access Token (OAuth2)

{
  "access_token": "YOUR_ACCESS_TOKEN",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Access Token Timeout (OAuth2)

Your OAuth2 access token is valid for 60 minutes. After the token lifetime is expired, it is necessary to generate a new access token.

Workflow Transaction Token Timeout

The token lifetime is set to 30 minutes per default. It can be configured via the Jumio Customer Portal and can be overwritten using the API call (tokenLifetime). Within this token lifetime the token can be used to initialize the SDK.

As soon as the workflow (transaction) starts, a 15 minutes session timeout is triggered. For each action performed (capture image, upload image) the session timeout will reset, and the 15 minutes will start again.

After creating/updating a new account you will receive a sdk.token (JWT) for initializing the SDK. Use this SDK token with your Android code:

sdk = JumioSDK(context: Context)
sdk.token = "YOUR_SDK_TOKEN"
sdk.dataCenter = "YOUR_DATACENTER"

Permissions

The following permission is optional:

<uses-permission android:name="android.permission.VIBRATE"/>

ℹ️  Note: On devices running Android Marshmallow (6.0) and above, you need to acquire android.permissions.CAMERA dynamically before initializing the SDK.

Use JumioSDK.hasAllRequiredPermissions(context: Context) to make sure the Jumio SDK has all required permissions. In case this method returns false, use the method JumioSDK.getMissingPermissions(context: Context), which will return an array list containing String values of all missing permissions. Request any missing permissions using the ActivityCompat.requestPermissions() method.

Integration

Use the SDK in your application by including the Maven repositories with the following build.gradle configuration in Android Studio:

repositories {
	google()
	mavenCentral()
	exclusiveContent {
		forRepository {
			maven {
				url 'https://repo.mobile.jumio.ai'
			}
		}
		filter {
			includeGroup "com.jumio.android"
			includeGroup "com.iproov.sdk"
		}
	}
}

Check the Android Studio sample projects to learn the most common use.

Proguard

Mandatory

The following Proguard Keep rules have to be added to the Jumio Mobile SDK:

-keep class com.jumio.** { *; }
-keep class jumio.** { *; }

Optional

The following Proguard Keep rules have to be added to the Jumio Mobile SDK if the corresponding dependencies have been added:

-keep class com.microblink.** { *; }
-keep class com.microblink.**$* { *; }
-keep public class com.iproov.sdk.IProov {public *; }

-keep class org.jmrtd.** { *; }
-keep class net.sf.scuba.** {*;}
-keep class org.bouncycastle.** {*;}
-keep class org.ejbca.** {*;}

Most of the Proguard settings are applied automatically, as they are defined as consumer Proguard rules within the SDK. The current rules can also be found in the Sample app.

Language Localization

Our SDK supports default Android localization features for different languages. All label texts and button titles in the SDK can be changed and localized by adding the required Strings you want to change in a strings.xml file in a values directory for the language and culture preference that you want to support. You can check out strings that are modifiable within our Sample application.

Jumio SDK products support the following languages:

Afrikaans, Arabic, Bulgarian, Chinese(Simplified), Chinese(Traditional), Croatian, Czech, Danish, Dutch, Estonian, English, Finnish, French, German, Greek, Hindi, Hungarian, Indonesian, Italian, Japanese, Khmer, Korean, Latvian, Lithuanian, Maltese, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Vietnamese, Zulu

Our SDK supports accessibility features. Visually impaired users can now enable TalkBack or increase the text size on their device. The accessibility strings that are used by TalkBack contain accessibility in their key and can be also modified in strings.xml.

Analytics With Datadog

Analytic feedback and diagnostics enable us to continually improve our SDK and its performance, as well as investigate potential issues. With the Jumio SDK, we use Datadog as an optional tool to collect diagnostic information. Data collected includes specific SKD information like version numbers, started and finished SDK instances and scan workflows, thrown exceptions and error information, as well as other mobile events. Please note that gathering analytics data requires user consent due to legal regulations such as GDPR. The consent is granted when our MLA is accepted.

To benefit from Datadog, add the following dependency to your build.gradle file:

implementation "com.jumio.android:datadog:${SDK_VERSION}"

To grant or revoke user consent, please use JumioSDK.giveDataDogConsent(boolean) method.

⚠️  Note: The use of the Datadog module is only possible if it is not already included in your application.


Security

All SDK related traffic is sent over HTTPS using TLS and public key pinning. Additionally, the information itself within the transmission is also encrypted utilizing Application Layer Encryption (ALE). ALE is a Jumio custom-designed security protocol that utilizes RSA-OAEP and AES-256 to ensure that the data cannot be read or manipulated even if the traffic was captured.


Release Notes

See our Change Log for more information about our current SDK version and further details.

Support

Previous Version

The previous release version 4.1.0 of the Jumio Mobile SDK is supported until 2022-08-27.

When the support period has expired, bug fixes and technical support will no longer be provided. Current bugs are typically fixed in the upcoming versions. Older SDK versions will keep functioning with our server until further notice, but we highly recommend that you always update to the latest version to benefit from SDK improvements and bug fixes.

Two-factor Authentication

If you want to enable two-factor authentication for your Jumio Customer Portal, contact us. Once enabled, users will be guided through the setup upon their first login to obtain a security code using the Google Authenticator app.

Licenses

The software contains third-party open source software. For more information, see licenses.

This software is based in part on the work of the Independent JPEG Group.

Contact

If you have any questions regarding our implementation guide please contact Jumio Customer Service at [email protected]. The Jumio online helpdesk contains a wealth of information regarding our services including demo videos, product descriptions, FAQs, and other resources that can help to get you started with Jumio.

Copyright

© Jumio Corporation, 395 Page Mill Road, Suite 150, Palo Alto, CA 94306

The source code and software available on this website (“Software”) is provided by Jumio Corp. or its affiliated group companies (“Jumio”) "as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Jumio be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including but not limited to procurement of substitute goods or services, loss of use, data, profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this Software, even if advised of the possibility of such damage. In any case, your use of this Software is subject to the terms and conditions that apply to your contractual relationship with Jumio. As regards Jumio’s privacy practices, please see our privacy notice available here: Privacy Policy.