Skip to content

Latest commit

 

History

History
390 lines (292 loc) · 20.4 KB

README.md

File metadata and controls

390 lines (292 loc) · 20.4 KB

Header Graphic

Version API Doc License Platform API Level Maven

Table of Contents

Overview

The Jumio Software Development Kit (SDK) provides you with a set of tools and UIs (default or custom) to develop an Android application perfectly fitted to your specific needs.

Onboard new users and easily verify their digital identities by making sure the IDs they provide are valid and authentic. Extract data from ID documents completely automatically and within seconds. Confirm that users really are who they say they are by having them take a quick selfie and match it to their respective documents. Jumio uses cutting-edge biometric technology to make sure there is an actual, real-life person in front of the screen.

SDK Overview

Using the Jumio SDK will allow you to create the best possible solution for your individual needs, providing you with a range of different services to choose from.


Get Started

Please note that basic setup is required before continuing with the integration of any of the following services.

Jumio SDK Integration

Jumio KYX platform and related services are a secure and easy solution that allows you to establish the genuine identity of your users in your mobile application, by verifying their passports, government-issued IDs and actual liveness in real-time. Very user-friendly and highly customizable, it makes onboarding new customers quick and simple.

➡️  SDK INTEGRATION GUIDE
➡️  Changelog
➡️  Transition Guide

Previous SDK Versions

If you need information on older SDK versions, please refer to:

Code Documentation

Full API documentation for the Jumio Android SDK can be found here.

FAQ

Link to Jumio Android SDK FAQ can be found here.

Known Issues

List of known issues can be found here.


Quickstart

This section provides a quick overview on how to get started with the Android sample application that can be found here on Github. You will need a commercial Jumio License to successfully run any of our examples; for details, contact [email protected]. You will also need an up-to-date Android Studio version to open and try out the sample project.

Start by downloading the Android sample application from the Jumio Github repo. You can either clone the repository (using SSH or HTTPS) to your local device or simply download everything as a ZIP.

Once you’ve got the sample application downloaded and unzipped, open Android Studio. Choose Import project and navigate to where you’ve saved your sample application. Select the JumioMobileSample folder and open it.

Android Studio will now start to import the project. This might take a bit of time. Make sure to wait until the Gradle Build has finished and the application is properly installed!

The Android sample application contains the package com.jumio.sample, which consists of:

  • MainActivity.kt
  • customui/
    • CustomUIActivity.kt
    • adapter/
      • CustomConsentAdapter.kt
      • CustomCountryAdapter.kt
      • CustomDocumentAdapter.kt

To use the Jumio Sample Application you need an SDK Token. If you haven't done so already, please refer to the Authentication and Encryption section for more details on how to obtain your SDK token. To add your individual SDK token to the application copy/paste it to the token input field once the application is started.

⚠️  Note: We strongly recommend not storing any credentials inside your app! We suggest loading them during runtime from your server-side implementation.

Once you start up the sample application, you'll be given the option of trying out the Jumio SDK. The sample application needs camera permissions, which will be prompted for automatically once you try to start the SDK via one of the buttons. If you deny camera permissions, you won't be able to use the SDK.


Basics

General Requirements

The minimum requirements for the SDK are:

  • Android 5.0 "Lollipop" (API level 21) or higher
  • APG version 8.5 or higher
  • Gradle version 8.7 or higher
  • Internet connection
  • Jumio KYX

ℹ️  Note: Starting with SDK 4.9.0 the minimum required compile SDK version is 34. Also Gradle 8 is required to build the SDK!

The following architectures are supported in the SDK:

  • ARMv7 processor with Neon
  • ARM64-v8a

ℹ️  Note: Currently, x86 and x86_64 are not supported. You get an UnsatisfiedLinkError if app and CPU architecture do not match or the CPU architecture is not supported.

You will need a commercial Jumio License to run any of our examples. For details, contact [email protected].

Authentication and Encryption

ℹ️  As of version 4.0.0 and onward, the SDK can only be used in combination with Jumio KYX. API v2 as well as using API token and secret to authenticate against the SDK will no longer be compatible.

Before starting a session in our SDK, an SDK token has to be obtained. Please refer to out API Guide for further details. To authenticate against the API calls, an OAuth2 access token needs to be retrieved from the Customer Portal.

Within the response of the Account Creation or Account Update API, a SDK token is returned, which needs to be applied to initiate the mobile SDK.

Authentication with OAuth2

Your OAuth2 credentials are constructed using your API token as the Client ID and your API secret as the Client secret. You can view and manage your API token and secret in the Customer Portal under:

  • Settings > API credentials > OAuth2 Clients

Client ID and Client secret are used to generate an OAuth2 access token. OAuth2 has to be activated for your account. Contact your Jumio Account Manager for activation.

Access Token URL (OAuth2)

  • US: https://auth.amer-1.jumio.ai/oauth2/token
  • EU: https://auth.emea-1.jumio.ai/oauth2/token
  • SG: https://auth.apac-1.jumio.ai/oauth2/token

The TLS Protocol is required to securely transmit your data, and we strongly recommend using the latest version. For information on cipher suites supported by Jumio during the TLS handshake see supported cipher suites.

ℹ️  Note: Calls with missing, incorrect or suspicious headers or parameter values will result in HTTP status code 400 Bad Request Error or 403 Forbidden.

Request Access Token (OAuth2)

curl --request POST --location 'https://auth.amer-1.jumio.ai/oauth2/token' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-raw 'grant_type=client_credentials' \
    --basic --user CLIENT_ID:CLIENT_SECRET

Response Access Token (OAuth2)

{
  "access_token": "YOUR_ACCESS_TOKEN",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Access Token Timeout (OAuth2)

Your OAuth2 access token is valid for 60 minutes. After the token lifetime is expired, it is necessary to generate a new access token.

Workflow Transaction Token Timeout

The token lifetime is set to 30 minutes per default. It can be configured via the Jumio Customer Portal and can be overwritten using the API call (tokenLifetime). Within this token lifetime the token can be used to initialize the SDK.

As soon as the workflow (transaction) starts, a 15 minutes session timeout is triggered. For each action performed (capture image, upload image) the session timeout will reset, and the 15 minutes will start again.

After creating/updating a new account you will receive a sdk.token (JWT) for initializing the SDK. Use this SDK token with your Android code:

sdk = JumioSDK(context: Context).apply {
  token = "YOUR_SDK_TOKEN"
  dataCenter = "YOUR_DATACENTER"
}

Permissions

The following permission is optional:

<uses-permission android:name="android.permission.VIBRATE"/>

ℹ️  Note: On devices running Android Marshmallow (6.0) and above, you need to acquire android.permissions.CAMERA dynamically before initializing the SDK.

Use JumioSDK.hasAllRequiredPermissions(context: Context) to make sure the Jumio SDK has all required permissions. In case this method returns false, use the method JumioSDK.getMissingPermissions(context: Context), which will return an array list containing String values of all missing permissions. Request any missing permissions using the ActivityCompat.requestPermissions() method.

Integration

Use the SDK in your application by including the Maven repositories with the following build.gradle configuration in Android Studio:

repositories {
	google()
	mavenCentral()
	exclusiveContent {
		forRepository {
			maven {
				url 'https://repo.mobile.jumio.ai'
			}
		}
		filter {
			includeGroup "com.jumio.android"
			includeGroup "com.iproov.sdk"
		}
	}
}

Check the Android Studio sample projects to learn the most common use.

Proguard

The Proguard settings should be applied automatically as they are defined as consumer Proguard rules within the SDK. The current rules can also be found in the Sample app.

Mandatory

The following Proguard Keep rules have to be added to the application hosting the Jumio Android SDK:

# Jumio
-keep class com.jumio.** { *; }
-keep class jumio.** { *; }

Optional

The following Proguard Keep rules have to be added to the application hosting the Jumio Android SDK if the corresponding dependencies have been added:

# Tensorflow
-keep class org.tensorflow.** { *; }
-keep class org.tensorflow.**$* { *; }
-dontwarn org.tensorflow.**

# IProov
-keep public class com.iproov.sdk.IProov { public *; }
-keep class com.iproov.** { *; }
-keep class com.iproov.**$* { *; }
-keep class com.google.protobuf.** { *; }
-keep class com.google.protobuf.**$* { *; }
-dontwarn com.google.protobuf.**
-dontwarn com.tinder.**
-dontwarn okhttp3.**
-dontwarn okio.**

# Datadog
-keep class com.datadog.** { *; }
-keep class com.datadog.**$* { *; }

# JMRTD
-keep class org.jmrtd.** { *; }
-keep class net.sf.scuba.** { *; }
-keep class org.bouncycastle.** { *; }
-keep class org.ejbca.** { *; }
-dontwarn java.nio.**
-dontwarn org.codehaus.**
-dontwarn org.ejbca.**
-dontwarn org.bouncycastle.**
-dontwarn module-info

# Dynamic Delivery Module
-keepclassmembers class com.google.android.play.core.splitinstall.SplitInstallHelper {
  *** loadLibrary(android.content.Context,java.lang.String);
}

-keep,includedescriptorclasses class com.jumio.ale.swig.** {
  *** swigDirectorDisconnect();
}

Dexguard

There might be additional rules necessary in case Dexguard is used:

# SplitInstallHelper 
	-loadslibrary com.google.android.play.core.splitinstall.SplitInstallHelper cpuinfo
	-loadslibrary com.google.android.play.core.splitinstall.SplitInstallHelper aleInterface
	
# Keep native resources
	-keepresourcefiles **/libcpuinfo.so
	-keepresourcefiles **/libaleInterface.so
	-keepresourcefiles **/libyuv_android.so
	-keepresourcefiles **/libtensorflowlite_jni.so

R8 Full Mode

For information regarding R8 fullMode, please refer to our FAQ section here.

Language Localization

Our SDK supports default Android localization features for different languages. All label texts and button titles in the SDK can be changed and localized by adding the required Strings you want to change in a strings.xml file in a values directory for the language and culture preference that you want to support. You can check out strings that are modifiable within our Sample application.

Jumio SDK products support the following languages:

Afrikaans, Arabic, Bulgarian, Chinese(Simplified), Chinese(Traditional), Croatian, Czech, Danish, Dutch, Estonian, English, Finnish, French, German, Greek, Hindi, Hungarian, Indonesian, Italian, Japanese, Khmer, Korean, Latvian, Lithuanian, Maltese, Norwegian, Polish, Portuguese, Romanian, Russian, Serbian (Cyrillic), Serbian (Latin), Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Vietnamese, Zulu

Our SDK supports accessibility features. Visually impaired users can now enable TalkBack or increase the text size on their device. The accessibility strings that are used by TalkBack contain accessibility in their key and can be also modified in strings.xml.

ML Models

The Jumio SDK utilizes ML Models to enable client-/server-side verification.

Required models can be provided by downloading and adding them manually to the bundle or preloading them. The SDK will load them on demand if none of the previous is applied.

Loading the models in advance will improve startup time of the SDK.

For more details, please refer to our integration guide.

Document Verification

As of Android SDK 4.3.0, Document Verification functionality is available. This functionality allows users to submit a number of different document types (e.g. a utility bill or bank statement) in digital form and verify the validity and authenticity of this document.

Documents can be submitted using one of two ways: Taking a photo of the document or uploading a PDF file. For more details, please refer to our integration guide.

Supported Documents:

  • BC (Birth certificate)
  • BS (Bank statement)
  • CAAP (Cash advance application)
  • CB (Council bill)
  • CC (Credit card)
  • CCS (Credit card statement)
  • CRC (Corporate resolution certificate)
  • CUSTOM
  • HCC (Health care card)
  • IC (Insurance card)
  • LAG (Lease agreement)
  • LOAP (Loan application)
  • MEDC (Medicare card)
  • MOAP (Mortgage application)
  • PB (Phone bill)
  • SEL (School enrollment letter)
  • SENC (Seniors card)
  • SS (Superannuation statement)
  • SSC (Social security card)
  • STUC (Student card)
  • TAC (Trade association card)
  • TR (Tax return)
  • UB (Utility bill)
  • VC (Voided check)
  • VT (Vehicle title)
  • WWCC (Working with children check)

ℹ️  Note: To enable the use of this feature, please contact Jumio support.

Digital Identity

As of Jumio Android SDK 4.5.0, users may use their Digital Identity to verify their identity. For now 'ID by Mastercard' is the only Digital Identity provider currently supported by our SDK.

If you want to enable Digital Identity verification for your account please contact us. In case you are already set up to use Digital Identity verification within your app, check out the integration steps explained here.

Analytics With Datadog

Analytic feedback and diagnostics enable us to continually improve our SDK and its performance, as well as investigate potential issues. With the Jumio SDK, we use Datadog as an optional tool to collect diagnostic information. Data collected includes specific SDK information like version numbers, started and finished SDK instances and scan workflows, thrown exceptions and error information, as well as other mobile events. Please note that gathering analytics data requires user consent due to legal regulations such as GDPR. The consent is granted when our MLA is accepted.

To benefit from Datadog, add the following dependency to your build.gradle file:

implementation "com.jumio.android:datadog:${SDK_VERSION}"

Security

All SDK related traffic is sent over HTTPS using TLS and public key pinning. Additionally, the information itself within the transmission is also encrypted utilizing Application Layer Encryption (ALE). ALE is a Jumio custom-designed security protocol that utilizes RSA-OAEP and AES-256 to ensure that the data cannot be read or manipulated even if the traffic was captured.


Release Notes

See our Change Log for more information about our current SDK version and further details.

Maintenance and Support

Please refer to our SDK maintenance and support policy for more information about Mobile SDK maintenance and support.

Two-factor Authentication

If you want to enable two-factor authentication for your Jumio Customer Portal, contact us. Once enabled, users will be guided through the setup upon their first login to obtain a security code using the Google Authenticator app.

Licenses

The source code and software available on this website (“Software”) is provided by Jumio Corp. or its affiliated group companies (“Jumio”) "as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Jumio be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including but not limited to procurement of substitute goods or services, loss of use, data, profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this Software, even if advised of the possibility of such damage.

In any case, your use of this Software is subject to the terms and conditions that apply to your contractual relationship with Jumio. As regards Jumio’s privacy practices, please see our privacy notice available here: Privacy Policy.

The software contains third-party open source software. For more information, see licenses.

This software is based in part on the work of the Independent JPEG Group.

Contact

If you have any questions regarding our implementation guide please contact Jumio Customer Service at [email protected]. The Jumio online helpdesk contains a wealth of information regarding our services including demo videos, product descriptions, FAQs, and other resources that can help to get you started with Jumio.

Copyright

© Jumio Corporation, 100 Mathilda Place Suite 100 Sunnyvale, CA 94086