In-app verification

Check out our end-to-end guide on how to implement in-app verification.

Adding a credential

Adding an in-app credential generates a private/public key pair, where the private key is secured on the user’s mobile device and the public key is held by Authsignal. This operation must be authorized with a short-lived token, which can be obtained by tracking an action from your backend in an authenticated context.

await authsignal.inapp.addCredential(token: "eyJhbGciOiJ...")

Parameters

token

string

A short-lived token obtained by tracking an action.

deviceIntegrity

boolean

When set to true, the SDK will generate a platform-specific attestation during enrollment:

iOS: Uses App Attest (DCAppAttestService) to generate an attestation bound to the device.
Android: Uses Play Integrity to generate an integrity token.

The attestation is generated internally by the SDK and sent to the Authsignal server for verification. This provides an additional layer of assurance that the credential is being enrolled from a legitimate app on a real device.

Response

response

AuthsignalResponse<AppCredential>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

errorCode

string

A formatted error code which may additionally be present if the SDK call encountered an error. Possible values are: token_not_set, expired_token or network_error.

data

AppCredential | null

Show properties

credentialId

string

required

The ID of the app credential.

createdAt

string

required

The date and time the app credential was created.

userId

string

required

The user ID of the user that the app credential belongs to.

Getting a credential

Get information about the in-app credential stored on the device, if one exists.

let response = await authsignal.inapp.getCredential()

Response

response

AuthsignalResponse<AppCredential>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

errorCode

string

A formatted error code which may additionally be present if the SDK call encountered an error. Possible values are: invalid_credential when the credential exists on the device but has been removed from the server.

data

AppCredential

Show properties

credentialId

string

required

The ID of the app credential.

createdAt

string

required

The date and time the app credential was created.

lastAuthenticatedAt

string

The date and time the app credential was last used for authentication. Will be null if the credential has never been used.

userId

string

required

The user ID of the user that the app credential belongs to.

Removing a credential

await authsignal.inapp.removeCredential()

Response

response

AuthsignalResponse<boolean>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error. This could occur if the credential on the device is no longer valid because the corresponding user authenticator has been deleted in the Authsignal Portal.

data

boolean

True if the app credential was successfully removed.

Verifying an action

Verify an action in your app using the credential stored securely on the device.

let response = await authsignal.inapp.verify()

let token = response.data?.token

Response

response

AuthsignalResponse<VerifyDeviceResponse>

Show properties

error

string

data

VerifyDeviceResponse

Show properties

token

string

required

A token which can be used for server-side validation.

userId

string

required

The user ID of the user that the device credential belongs to.

userAuthenticatorId

string

required

The user authenticator ID that the device credential belongs to.

username

string

The username of the user that the device credential belongs to.

Creating a PIN

Create a custom PIN backed by a cryptographic in-app credential stored securely on the user’s device.

let response = await authsignal.inapp.createPin(
    token: "eyJhbGciOiJ...",
    username: "jane.smith@authsignal.com",
    pin: "123456"
)

Parameters

token

string

A short-lived token obtained by tracking an action.

username

string

The username associated with the PIN. A device can have multiple PINs stored for different users.

string

The PIN value. Must be a valid 6-digit numeric value.

Response

response

AuthsignalResponse<AppCredential>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

errorCode

string

A formatted error code which may additionally be present if the SDK call encountered an error. Possible values are: token_not_set, expired_token or network_error.

data

AppCredential | null

Show properties

credentialId

string

required

The ID of the app credential.

createdAt

string

required

The date and time the app credential was created.

userId

string

required

The user ID of the user that the app credential belongs to.

Verifying a PIN

Check a submitted PIN value against the value stored on the device and use the associated in-app credential to verify the user.

let response = await authsignal.inapp.verifyPin(
    username: "jane.smith@authsignal.com",
    pin: "123456"
)

let isVerified = response.data?.isVerified
let token = response.data?.token

Response

response

AuthsignalResponse<VerifyPinResponse>

Show properties

error

string

data

VerifyPinResponse

Show properties

isVerified

boolean

required

True if PIN verification is successful.

token

string

required

A token which can be used for server-side validation.

userId

string

required

The user ID of the user that the PIN and in-app credential belong to.

Get PIN usernames on device

Get all the usernames for PINs currently stored on the device. This method can be used if allowing multiple users to create PINs on the same device.

let response = await authsignal.inapp.getAllPinUsernames()

let usernames = response.data

Response

response

AuthsignalResponse<string[]>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

data

string[]

An array of usernames for all the PINs currently stored on the device

Server

Client

Call Connect

Adding a credential

Parameters

Response

Getting a credential

Response

Removing a credential

Response

Verifying an action

Response

Creating a PIN

Parameters

Response

Verifying a PIN

Response

Get PIN usernames on device

Response

Server

Client

Call Connect

​Adding a credential

​Parameters

​Response

​Getting a credential

​Response

​Removing a credential

​Response

​Verifying an action

​Response

​Creating a PIN

​Parameters

​Response

​Verifying a PIN

​Response

​Get PIN usernames on device

​Response

Adding a credential

Parameters

Response

Getting a credential

Response

Removing a credential

Response

Verifying an action

Response

Creating a PIN

Parameters

Response

Verifying a PIN

Response

Get PIN usernames on device

Response