Installation

The iOS SDK is written in Swift. It is a lightweight XCFramework with a download size of 2.5 MB and an install size of 1.5 MB for the minimum required components. It relies only on iOS native APIs; no external dependencies are included. Prove’s iOS SDK minimally supports the previous 3 major versions (iOS v14 today), although Prove has seen successful transactions with iOS v11.

Prove manages a repository with the libraries to enable integration.

Follow these steps to remotely import the CocoaPod from the Prove pod repository:

Permissions

No additional permissions are required to use the SDK.

Send the Type of Flow: Mobile

Unlike the Web SDK, the iOS SDK must use the mobile flow. You should pass mobile to the Start() function on the server. In a mobile flow, Mobile Auth is attempted first; if that fails, OTP validation is performed on the mobile phone.

In the mobile flow, once either Mobile Auth or the OTP validation is complete, the AuthFinishStep function will be called.

Mobile Auth

In order for Mobile Auth to succeed, the end user must not be using a VPN and Private Relay on iOS needs to be disabled.

Authenticate()

The SDK requires an authToken as a parameter for the Authenticate() function. This token is returned from the Start() call of the server SDK. The token is session-specific: it can be used for only a single flow and cannot be reused. It also expires after 15 minutes.

Retrieve authToken

To start the flow, you’ll need to send a request to your backend server with the phone number, flow type, and an optional challenge of either the date of birth (format: YYYY-MM-DD) or social security number (format: last 4 digits).
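An added example, not Prove's code: one way to build the start request on the client and to enforce the single-use, 15-minute token rules before calling Authenticate(). The backend URL, the JSON keys (phoneNumber, flowType, dob, ssn) and the types StartError, Challenge and SingleUseAuthToken are assumptions made for illustration.

```swift
import Foundation
// Added example: endpoint, JSON keys and type names are assumptions, not Prove API.
enum StartError: Error { case insecureBackend, badChallenge }
enum Challenge {
    case dateOfBirth(String)   // YYYY-MM-DD
    case ssnLast4(String)      // last 4 digits only
    /// JSON key and value, or nil when the value does not match the documented format.
    func validated() -> (key: String, value: String)? {
        switch self {
        case .dateOfBirth(let dob):
            let f = DateFormatter()
            f.locale = Locale(identifier: "en_US_POSIX")
            f.timeZone = TimeZone(secondsFromGMT: 0)
            f.dateFormat = "yyyy-MM-dd"
            guard dob.count == 10, f.date(from: dob) != nil else { return nil }
            return ("dob", dob)
        case .ssnLast4(let ssn):
            guard ssn.count == 4, ssn.allSatisfy({ $0.isASCII && $0.isNumber }) else { return nil }
            return ("ssn", ssn)
        }
    }
}

/// Builds the POST to your own backend, which then calls Start() with the mobile flow.
func makeStartRequest(backend: URL, phoneNumber: String, challenge: Challenge? = nil) throws -> URLRequest {
    guard backend.scheme == "https" else { throw StartError.insecureBackend }
    var body = ["phoneNumber": phoneNumber, "flowType": "mobile"]
    if let challenge = challenge {
        guard let field = challenge.validated() else { throw StartError.badChallenge }
        body[field.key] = field.value
    }
    var request = URLRequest(url: backend)
    request.httpMethod = "POST"
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try JSONEncoder().encode(body)
    return request
}

/// Hands the authToken out once, within 15 minutes of receipt; the server stays authoritative.
final class SingleUseAuthToken {   // not synchronized: create and consume on one thread
    private var token: String?
    private let receivedAt = Date()
    init(_ token: String) { self.token = token }
    func consume(now: Date = Date()) -> String? {
        defer { token = nil }   // a second call always returns nil
        guard now.timeIntervalSince(receivedAt) < 15 * 60 else { return nil }
        return token
    }
}
```

Rejecting a malformed challenge before the request is sent keeps a full SSN or a free-form date out of the request body and out of any transport or server logs.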

Setup Authenticator

Once you have the authToken, build the authenticator for the mobile flow.

A cellular data connection might not always be available during testing. The Builder class offers a method that permits simulated successful session results while connected to a Wi-Fi network only (without a cellular data connection available). This feature is particularly useful for testing on the Emulator. It can only be used in Sandbox mode. It allows Mobile Auth℠ to be simulated successfully and won’t fall back to OTP.

Performing the Authentication

The ProveAuth object is thread-safe and can be used as a singleton. Most Prove Auth methods are blocking and therefore cannot be performed in the main application thread. The application is required to manage threads, for instance with an executor service that provides at least two threads, since the SDK may have more than one simultaneous blocking request.

Validate the Mobile Phone

In the AuthFinishStep, you’ll specify a function to call once the possession checks are complete on the mobile phone. The code below references an endpoint called /verify. This is not a Prove endpoint; it should be a new endpoint on your backend server that calls the Validate() function to check whether the phone number was validated. If validation was successful, the server should then call the Challenge() function and return the results, which will include user information. If it was not successful, the server won’t return user information. We’ve included a few example fields that should be returned and then pre-filled on a form for the user to verify.

OTP Configuration

There are two functions to implement for OTP handling: a start step and a finish step.

Note: Retry functionality is not supported in OTP.

To set the OTP handlers, implement the OtpStartStep and OtpFinishStep interfaces. The Swift snippet has an example.

OtpStartStep example:

OtpFinishStep example:

Verify the User Information

Once the user has made any edits to their pre-fill information, you should submit that information to the backend server so the Complete() call can then verify the user information.