# Application configuration
An application configuration is a specific set of application attributes for a mobile application. These attributes determine how the application should work.
# How it works
MobileID comes with a standard application configuration. It is possible to change the default values in this configuration to suit your needs. To do this, you can either:
Make changes to your application configuration using the Update properties of application configuration (opens new window) endpoint in our MobileID Admin API.
Send your preferences to us at support@signicat.com and we will update them for you.
You can find an overview of all application configuration properties and their default values in the tables below.
# Configurations
Application configuration properties
# Account recovery configurations
The properties below are used to configure MobileID's account recovery feature for your application.
Property name | Description | Allowed values | Default value |
recoveryEnabled | Enable users to set up cloud based recovery credentials. | true , false | false |
recoveryCodeMinLength | The minimum length (in characters) of the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 0 to MAXINT | 6 |
recoveryCodeMaxLength | The maximum length (in characters) of the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 0 to MAXINT | 50 |
recoveryCodeFormat | The types of characters that can be used for the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | ALPHA , ALPHANUMERIC , ANY , NUMERIC | NUMERIC |
recoveryCodeAmountFailuresAllowed | The amount of failed recovery code attempts allowed for any client, before the recovery for the client is locked. | From 0 to MAXINT | 3 |
# App attestation configurations
The properties below are used to configure MobileID's app attestation feature (App Attest for iOS, and Play Integrity for Android) for your application.
Property name | Description | Allowed values | Default value |
attestationAndroidPlayIntegrityMode | Determines whether Play Integrity attestation is performed, and how the request is handled. This is reflected in three different modes:
| REQUIRED , OPTIONAL , OFF | OFF |
attestationAndroidPlayIntegrityTimeout | The timeout (given in milliseconds) for a request made to Play Integrity. | From 1 to MAXINT | |
attestationAndroidPlayIntegrityDecryptionKey | Play Integrity attestation decryption key, used to decrypt the integrity token. | Base64 encoded value | |
attestationAndroidPlayIntegrityVerificationKey | Play Integrity attestation verification key, used to validate the integrity token. | Base64 encoded value | |
attestationAndroidPackageName | The APK package name. This is required if attestationAndroidPlayIntegrityMode is set to REQUIRED or OPTIONAL . | String | |
attestationIosAppAttestMode | Determines whether Apple App Attest Service (used to validate whether an application runs on a real iOS device) is performed, and how the request is handled. This is reflected in three different modes:
| REQUIRED , OPTIONAL , OFF | OFF |
attestationIosAppAttestEnvironment | Determines the environment where an iOS app that uses App attestation validates itself. | PRODUCTION , DEVELOPMENT | PRODUCTION |
attestationIosAppAttestTimeout | The timeout (given in milliseconds) for an iOS app attestation request. | From 1 to MAXINT | 20000 |
attestationIosAppAttestAppId | An iOS app ID, which is a concatenation of:
| String |
# Application behaviour
The properties below represent base configurations, which determine your application's behaviour.
Property name | Description | Allowed values | Default value |
activationCodeLength | The length (in characters) that the generated activation code will be. | From 6 to MAXINT | 10 |
activationCodeType | The types of characters that can be used for the generated activation code. | ANY , NUMERIC , ALPHA , ALPHANUMERIC | NUMERIC |
allowedAuthMethods |
Allowed authentication methods, given as a comma separated list. It's mandatory to have DEVICE as an allowed authentication method. If you have a use case for a one-factor authentication you need to explicitly specify it in the start authentication request.
| For allowed values, see the Authentication methods section in our MobileID API reference documentation. | DEVICE , DEVICE:PIN , DEVICE:STRONG_TOUCH_ID , DEVICE:IOS_FACE_ID , DEVICE:ANDROID_BIOMETRIC_PROMPT |
allowedAuthMethodsForAuthAndActivate | Allowed authentication methods when adding a new authentication method, given as a comma separated list. All authentication methods specified here must be present in the allowedAuthMethods parameter.
| For allowed values, see the Authentication methods section in our MobileID API reference documentation. | DEVICE:PIN |
amountFailuresAllowed | The amount of failed authentications allowed for any client, before they are locked out. | From 0 to MAXINT | 3 |
encapApiBlacklistAndroid | Which Android client SDK versions to blocklist (sometimes referred to as blacklist). Devices running blocklisted versions will be rejected/denied. | Comma separated semantic version. Example: "3.5.3, 3.6.8" | |
encapApiBlacklistIos | Which iOS client SDK versions to blocklist (sometimes referred to as blacklist). Devices running blocklisted versions will be rejected/denied. | Comma separated semantic version. Example: "3.5.3, 3.6.8" | |
maxPinCodeLength | The maximum length (in characters) of the PIN code. | From 1 to MAXINT | 4 |
minimumRequiredEncapApiVersionAndroid | The minimum Android client SDK version allowed. This can only be used to narrow down the allowed Android SDK versions (not extend). Example: If the minimum supported client version on the server is "3.5.0" , and someone wants to only allow "3.6.0" , this can be achieved. However, specifying "3.3.0" would have no effect, as it is below the minimum supported client version on the server.
| Semantic version. Example: "3.7.0" | |
minimumRequiredEncapApiVersionIos | The minimum iOS client SDK version allowed. This can only be used to narrow down the allowed iOS SDK versions (not extend). Example: If the minimum supported client version on the server is "3.5.0" , and someone wants to only allow "3.6.0" , this can be achieved. However, specifying "3.3.0" would have no effect, as it is below the minimum supported client version on the server.
| Semantic version. Example: "3.7.0" | |
pinCodeLength | The minimum length (in characters) of the PIN code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 1 to MAXINT | 4 |
pinCodeType | The types of characters that can be used for the PIN code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | ANY , NUMERIC , ALPHA , ALPHANUMERIC | NUMERIC |
sessionExpiry | The amount of time (in milliseconds) that a new device operation session remains valid for. After this time has elapsed, the session can no longer be used for any operations. Note: This value cannot exceed the maximum configured value of 187200000 .
| From 1 to 187200000 | 187200000 |
maximumSessionExpiry | The maximum amount of time (in milliseconds) that the sessionExpiry can be set to. Note: This property cannot be configured using our MobileID Admin API. To update this value, please contact us at support@signicat.com. | From 1 to MAXINT | 187200000 |
clientDebugDataEnabledOsTypes | A comma-separated list of operating system types to enable client debug data for. It can be set for neither, one, or both platforms. Note: This property cannot be configured using our MobileID Admin API. To update this value, please contact us at support@signicat.com. | IOS , ANDROID |
# Clean-up of inactive devices
The properties below are used to configure MobileID's clean-up of inactive devices.
Property name | Description | Allowed values | Default value |
inactiveDeviceDeleteRetentionTime | The number of days that a device can be inactive before it is deleted. The inactive period starts from the time when the device was last used. |
From 365 to MAXINT | 365 |
# Geofencing configurations
The properties below are used to configure MobileID's geofencing feature for your application.
Property name | Description | Allowed values | Default value |
geofencingActivationMode | Determines if or how geofencing is used for registration. This is reflected in three different modes:
| REQUIRED , OPTIONAL , OFF | OFF |
geofencingActivationAllowedContinents | Comma-separated list of continents where registration is allowed, in a two-letter continent code format. | AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania), SA (South America)
| |
geofencingActivationAllowedCountries | Comma-separated list of countries where registration is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingActivationDeniedCountries | Comma-separated list of countries where registration is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingAuthenticationMode | Determines if or how geofencing is used for authentication. This is reflected in three different modes:
| REQUIRED , OPTIONAL , OFF | OFF |
geofencingAuthenticationAllowedContinents | Comma-separated list of continents where authentication is allowed, in a two-letter continent code format. | AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania), SA (South America)
| |
geofencingAuthenticationAllowedCountries | Comma-separated list of countries where authentication is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingAuthenticationDeniedCountries | Comma-separated list of countries where authentication is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingTimeout | The maximum time (given in milliseconds) to wait for the location lookup and reverse geocoding to complete on the SDK. The timing starts when the SDK calls the finish operation. If the timeout is exceeded, then the SDK will continue without a country. | From 0 to MAXINT | 10000 |
# Hardware-protected keys
The parameter below is used to configure MobileID's hardware protected keys feature for your application.
Property name | Description | Allowed values |
hwKeyValidationStrategy | Determines what to do with devices if the validation hardware-protected keys signature fails. The value SUPPORTED indicates that if the validation hardware-protected keys signature fails, then the device operation will fail. The result of the hardware signature validation is always returned as a part of the following risk attributes:
| SUPPORTED |
# Push configurations
For MobileID to send a push notification to your application, it needs to be specified in the application configuration. The process for this depends on if you are setting up for Android or for iOS:
For iOS, push notifications are set up with the Apple Push Notification Service (APNs). MobileID supports APNs tokens. These can be created within the Apple Developer Program Portal. You will need to share the following:
- APNs token
- Team ID
- Key ID
For Android, push notifications are set up with Firebase Cloud Messaging (FCM). This can be configured with your mobile application in the Firebase project console.
The properties below represent push configurations, which determine push notification functionality for your application. This table describes properties for both Android and iOS, so they may not all apply.
Property name | Description | Allowed values | Default value |
apnConfig | The APN server configuration that defines where to reach the APNs. | PRODUCTION , SANDBOX | PRODUCTION |
apnExpiry | The amount of time (in milliseconds) that APNs will try to deliver the message for. If not delivered within this time, then the message is discarded. Note: APNS will attempt to deliver the message at least once, regardless of the set expiration time. | From 1 to MAXINT | 1 |
apnsBundleId | Apple's bundle ID for the application. This is used as a topic on the push message sent to APNs, and is required when using APNs tokens. | String | |
apnsNotificationSoundEnabled | Determines whether a notification sound is played on iOS devices when the device receives a push message.
| true , false | true |
apnsTimeSensitiveInterruptionLevelEnabled | Sets the interruption level for push messages to iOS devices to 'time-sensitive'.
| true , false | false |
nativePushEnabled | Enables the server to send push messages with Firebase Cloud Messaging (FCM) or Apple Push Notification service (APNs). | true , false | false |
firebaseServiceAccount | The contents of the serviceAccount.json file (credentials file), for your Firebase Cloud Messaging (FCM) project. Note: This has to be supplied to us Base64-encoded. | String | |
firebaseTimeToLive | The maximum lifespan of the message (in milliseconds), for Firebase Cloud Messaging (FCM). The default value is 0 , which means to deliver the message "now or never". FCM guarantees best effort for messages with this lifespan.
| From 0 to MAXINT | 0 |
# Risk data configuration
A set of risk attributes can be collected for each operation.
The enabledRiskData
property is used to configure MobileID's risk data feature for your application. This determines which attributes are collected and returned in the operation response. See table below for possible values.
# How to configure risk data
You can update this parameter using the Update properties of application configuration endpoint in our MobileID Admin API.
# Always collected risk data
Some risk data is always collected, for debugging purposes. This means that for enabledRiskData
:
- If you leave this field empty (
null
), the always collected risk data will still be returned. - If you specify risk attributes, the always collected risk data will be returned in addition to those you have specified.
You can find a list of what risk data is always enabled in the MobileID API reference documentation. See risk attributes in the Common concepts section.
# Location risk data
Location (location
) is a risk data attribute that describes the location of the device used in the operation.
It is returned as its own object in the operation response instead of in the risk attributes (riskAttributes
) object.
You can enable location risk data by adding value location
to the enabled risk data (enabledRiskData
) in the application configuration, or by using value ALL
.
# Configurations
Property name | Description | Allowed values | Default value |
enabledRiskData | Determines which risk data to collect. You can either:
| ALL or Select specific attributes, given as a JSON array. In addition to location , see the risk attributes in the Common concepts of the MobileID API reference documentation for allowed values. or Leave this field empty ( null ).
|