Application configuration
An application configuration is a specific set of application attributes for a mobile application. These attributes determine how the application should work.
How it works
MobileID comes with a standard application configuration. It is possible to change the default values in this configuration to suit your needs. To do this, you can either:
- Make changes to your application configuration using the Update properties of application configuration endpoint in our MobileID Admin API.
- Send your preferences to us by creating a support ticket in the Signicat Dashboard, and we will update them for you.
You can find an overview of all application configuration properties and their default values in the tables below.
Configurations
Account recovery
You can use the properties below to configure MobileID's Account recovery feature for your application.
To learn more, see our Account recovery feature documentation.
Property name | Description | Allowed values | Default value |
---|---|---|---|
recoveryEnabled | Enable users to set up cloud-based recovery credentials. | true, false | false |
recoveryCodeMinLength | The minimum length (in characters) of the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 0 to MAXINT | 6 |
recoveryCodeMaxLength | The maximum length (in characters) of the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 0 to MAXINT | 50 |
recoveryCodeFormat | The types of characters that can be used for the recovery code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | ALPHA, ALPHANUMERIC, ANY, NUMERIC | NUMERIC |
recoveryCodeAmountFailuresAllowed | The amount of failed recovery code attempts allowed for any client, before the recovery for the client is locked. | From 0 to MAXINT | 3 |
App attestation configurations
You can use the properties below to configure MobileID's App attestation feature for your application.
This table describes properties for both Android and iOS, so they may not all apply:
- For iOS devices, we use App Attest.
- For Android devices, we use Play Integrity.
To learn more, see our App attestation feature documentation.
Property name | Description | Allowed values | Default value |
---|---|---|---|
attestationAndroidPlayIntegrityMode | Determines whether Play Integrity attestation is performed, and how the request is handled. This is reflected in three different modes: | REQUIRED, OPTIONAL, OFF | OFF |
attestationAndroidPlayIntegrityTimeout | The timeout (given in milliseconds) for a request made to Play Integrity. | From 1 to MAXINT | |
attestationAndroidPlayIntegrityDecryptionKey | Play Integrity attestation decryption key, used to decrypt the integrity token. | Base64 encoded value | |
attestationAndroidPlayIntegrityVerificationKey | Play Integrity attestation verification key, used to validate the integrity token. | Base64 encoded value | |
attestationAndroidPackageName | The APK package name. This is required if attestationAndroidPlayIntegrityMode is set to REQUIRED or OPTIONAL. | String | |
attestationIosAppAttestMode | Determines whether Apple App Attest Service (used to validate whether an application runs on a real iOS device) is performed, and how the request is handled. This is reflected in three different modes: | REQUIRED, OPTIONAL, OFF | OFF |
attestationIosAppAttestEnvironment | Determines the environment where an iOS app that uses App attestation validates itself. | PRODUCTION, DEVELOPMENT | PRODUCTION |
attestationIosAppAttestTimeout | The timeout (given in milliseconds) for an iOS app attestation request. | From 1 to MAXINT | 20000 |
attestationIosAppAttestAppId | An iOS app ID, which is a concatenation of: | String |
Application behaviour
You can use the properties below to configure your application's behaviour.
Property name | Description | Allowed values | Default value |
---|---|---|---|
activationCodeLength | The length (in characters) that the generated activation code will be. | From 6 to MAXINT | 10 |
activationCodeType | The types of characters that can be used for the generated activation code. | ANY, NUMERIC, ALPHA, ALPHANUMERIC | NUMERIC |
allowedAuthMethods | Allowed authentication methods, given as a comma-separated list. It's mandatory to have DEVICE as an allowed authentication method. If you have a use case for one-factor authentication, you need to explicitly specify it in the start authentication request. | For allowed values, see the Authentication methods section in our MobileID API reference documentation. | DEVICE, DEVICE:PIN, DEVICE:STRONG_TOUCH_ID, DEVICE:IOS_FACE_ID, DEVICE:ANDROID_BIOMETRIC_PROMPT, DEVICE:SERVER_SIDE_FACE |
allowedAuthMethodsForAuthAndActivate | Allowed authentication methods when adding a new authentication method, given as a comma-separated list. All authentication methods specified here must be present in the allowedAuthMethods parameter. | For allowed values, see the Authentication methods section in our MobileID API reference documentation. | DEVICE:PIN, DEVICE:SERVER_SIDE_FACE |
amountFailuresAllowed | The amount of failed authentications allowed for any client, before they are locked out. | From 0 to MAXINT | 3 |
encapApiBlacklistAndroid | Which Android client SDK versions to blocklist (sometimes referred to as blacklist). Devices running blocklisted versions will be rejected/denied. | Comma separated semantic version. Example: "3.5.3, 3.6.8" | |
encapApiBlacklistIos | Which iOS client SDK versions to blocklist (sometimes referred to as blacklist). Devices running blocklisted versions will be rejected/denied. | Comma separated semantic version. Example: "3.5.3, 3.6.8" | |
maxPinCodeLength | The maximum length (in characters) of the PIN code. | From 1 to MAXINT | 6 |
minimumRequiredEncapApiVersionAndroid | The minimum Android client SDK version allowed. This can only be used to narrow down the allowed Android SDK versions (not extend). Example: If the minimum supported client version on the server is "3.5.0", and someone wants to only allow "3.6.0", this can be achieved. However, specifying "3.3.0" would have no effect, as it is below the minimum supported client version on the server. | Semantic version. Example: "3.7.0" | |
minimumRequiredEncapApiVersionIos | The minimum iOS client SDK version allowed. This can only be used to narrow down the allowed iOS SDK versions (not extend). Example: If the minimum supported client version on the server is "3.5.0", and someone wants to only allow "3.6.0", this can be achieved. However, specifying "3.3.0" would have no effect, as it is below the minimum supported client version on the server. | Semantic version. Example: "3.7.0" | |
pinCodeLength | The minimum length (in characters) of the PIN code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | From 1 to MAXINT | 6 |
pinCodeType | The types of characters that can be used for the PIN code. Note: This parameter is a hint to the client, and is not enforced by the server. However, it is enforced in the client SDK. | ANY, NUMERIC, ALPHA, ALPHANUMERIC | NUMERIC |
sessionExpiry | The amount of time (in milliseconds) that a new device operation session remains valid for. After this time has elapsed, the session can no longer be used for any operations. Note: This value cannot exceed the maximum configured value of 187200000. | From 1 to 187200000 | 187200000 |
maximumSessionExpiry | The maximum amount of time (in milliseconds) that the sessionExpiry can be set to. Note: This property cannot be configured using our MobileID Admin API. To update this value, you need to contact us by creating a support ticket in the Signicat Dashboard. | From 1 to MAXINT | 187200000 |
clientDebugDataEnabledOsTypes | A comma-separated list of operating system types to enable client debug data for. It can be set for neither, one, or both platforms. Note: This property cannot be configured using our MobileID Admin API. To update this value, you need to contact us by creating a support ticket in the Signicat Dashboard. | IOS, ANDROID |
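
A pre-flight check for a proposed configuration change, written here as an added example (it is not part of MobileID, its SDKs or the Admin API). It applies the cross-property rules from the App attestation and Application behaviour tables above; the function and variable names are hypothetical, and merging the update over the documented defaults is an assumption, so substitute your application's current values where they differ.

```python
# Offline lint of a proposed configuration update (added example, hypothetical names).
# Defaults and limits are copied from the tables on this page.
DEFAULTS = {
    "allowedAuthMethods": "DEVICE,DEVICE:PIN,DEVICE:STRONG_TOUCH_ID,DEVICE:IOS_FACE_ID,"
                          "DEVICE:ANDROID_BIOMETRIC_PROMPT,DEVICE:SERVER_SIDE_FACE",
    "allowedAuthMethodsForAuthAndActivate": "DEVICE:PIN,DEVICE:SERVER_SIDE_FACE",
    "activationCodeLength": 10,
    "sessionExpiry": 187200000,
    "attestationAndroidPlayIntegrityMode": "OFF",
    "attestationAndroidPackageName": "",
}
MAX_SESSION_EXPIRY_MS = 187200000  # default maximumSessionExpiry
MODES = {"REQUIRED", "OPTIONAL", "OFF"}

def _csv(value):
    """Split a comma-separated property value into trimmed, non-empty items."""
    return [item.strip() for item in str(value).split(",") if item.strip()]

def lint_app_config(update):
    """Return findings for `update` (dict of changed properties) merged over DEFAULTS."""
    cfg = {**DEFAULTS, **update}
    findings = []

    allowed = _csv(cfg["allowedAuthMethods"])
    if "DEVICE" not in allowed:
        findings.append("allowedAuthMethods: DEVICE is mandatory")
    missing = [m for m in _csv(cfg["allowedAuthMethodsForAuthAndActivate"]) if m not in allowed]
    if missing:
        findings.append("allowedAuthMethodsForAuthAndActivate: not in allowedAuthMethods: "
                        + ", ".join(missing))

    if not 1 <= cfg["sessionExpiry"] <= MAX_SESSION_EXPIRY_MS:
        findings.append("sessionExpiry: must be 1..%d ms" % MAX_SESSION_EXPIRY_MS)
    if cfg["activationCodeLength"] < 6:
        findings.append("activationCodeLength: minimum is 6")

    mode = cfg["attestationAndroidPlayIntegrityMode"]
    if mode not in MODES:
        findings.append("attestationAndroidPlayIntegrityMode: unknown mode %r" % mode)
    elif mode != "OFF" and not cfg["attestationAndroidPackageName"]:
        findings.append("attestationAndroidPackageName: required when Play Integrity mode is " + mode)
    return findings

# Constructed sample: narrows the auth methods without also narrowing the activate list.
SAMPLE_UPDATE = {"allowedAuthMethods": "DEVICE,DEVICE:PIN", "sessionExpiry": 200000000,
                 "attestationAndroidPlayIntegrityMode": "REQUIRED"}
```

Running `lint_app_config(SAMPLE_UPDATE)` reports three findings: the default activate list still names DEVICE:SERVER_SIDE_FACE, the session expiry exceeds the maximum, and the package name is missing for REQUIRED mode.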
Clean-up of inactive devices
You can use the property below to configure MobileID's clean-up of inactive devices.
Property name | Description | Allowed values | Default value |
---|---|---|---|
inactiveDeviceDeleteRetentionTime | The number of days that a device can be inactive before it is deleted. Note: The inactive period starts from the time when the device was last used. | From 365 to MAXINT | 365 |
Face authentication
You can use the property below to configure MobileID's Face authentication feature for your application.
To learn more, see our Face authentication feature documentation.
Property name | Description | Allowed values | Default value |
---|---|---|---|
serverSideFaceEnabled | Determines whether the server can use the Face authentication feature. | true, false | true |
Geofencing configurations
You can use the properties below to configure MobileID's Geofencing feature for your application.
To learn more, see our Geofencing feature documentation.
Property name | Description | Allowed values | Default value |
---|---|---|---|
geofencingActivationMode | Determines if or how geofencing is used for registration. This is reflected in three different modes: | REQUIRED, OPTIONAL, OFF | OFF |
geofencingActivationAllowedContinents | Comma-separated list of continents where registration is allowed, in a two-letter continent code format. | AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania), SA (South America) | |
geofencingActivationAllowedCountries | Comma-separated list of countries where registration is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingActivationDeniedCountries | Comma-separated list of countries where registration is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingAuthenticationMode | Determines if or how geofencing is used for authentication. This is reflected in three different modes: | REQUIRED, OPTIONAL, OFF | OFF |
geofencingAuthenticationAllowedContinents | Comma-separated list of continents where authentication is allowed, in a two-letter continent code format. | AF (Africa), AN (Antarctica), AS (Asia), EU (Europe), NA (North America), OC (Oceania), SA (South America) | |
geofencingAuthenticationAllowedCountries | Comma-separated list of countries where authentication is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingAuthenticationDeniedCountries | Comma-separated list of countries where authentication is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. | You can find a list of countries and corresponding codes at GeoNames. | |
geofencingTimeout | The maximum time (given in milliseconds) to wait for the location lookup and reverse geocoding to complete on the SDK. The timing starts when the SDK calls the finish operation. If the timeout is exceeded, then the SDK will continue without a country. | From 0 to MAXINT | 10000 |
Hardware-protected keys
You can use the property below to configure MobileID's Hardware-protected keys feature for your application.
To learn more, see our Hardware-protected keys feature documentation.
Property name | Description | Allowed values |
---|---|---|
hwKeyValidationStrategy | Determines what to do with devices if validation of the hardware-protected keys signature fails. The value SUPPORTED indicates that if validation of the hardware-protected keys signature fails, then the device operation will fail. The result of the hardware signature validation is always returned as a part of the following risk attributes: | SUPPORTED |
Push configurations
You can use the properties below to configure push notifications for your application.
This table describes properties for both Android and iOS, so they may not all apply:
- For iOS devices, we use Apple Push Notification service (APNs).
- For Android devices, we use Firebase Cloud Messaging (FCM).
How to set up for iOS
MobileID supports APNs tokens which can be created within the Apple Developer Program Portal. You will need to share the following:
- APNs token
- Team ID
- Key ID
How to set up for Android
You can configure FCM with your mobile application in the Firebase project console.
Property name | Description | Allowed values | Default value |
---|---|---|---|
apnConfig | The APN server configuration that defines where to reach the APNs. | PRODUCTION, SANDBOX | PRODUCTION |
apnExpiry | The amount of time (in milliseconds) that APNs will try to deliver the message for. If not delivered within this time, then the message is discarded. Note: APNs will attempt to deliver the message at least once, regardless of the set expiration time. | From 1 to MAXINT | 1 |
apnsBundleId | Apple's bundle ID for the application. This is used as a topic on the push message sent to APNs, and is required when using APNs tokens. | String | |
apnsNotificationSoundEnabled | Determines whether a notification sound is played on iOS devices when the device receives a push message. | true, false | true |
apnsTimeSensitiveInterruptionLevelEnabled | Sets the interruption level for push messages to iOS devices to 'time-sensitive'. | true, false | false |
nativePushEnabled | Enables the server to send push messages with Firebase Cloud Messaging (FCM) or Apple Push Notification service (APNs). | true, false | false |
firebaseServiceAccount | The contents of the serviceAccount.json file (credentials file), for your Firebase Cloud Messaging (FCM) project. Note: This has to be supplied to us Base64-encoded. | String | |
firebaseTimeToLive | The maximum lifespan of the message (in milliseconds), for Firebase Cloud Messaging (FCM). The default value is 0, which means to deliver the message 'now or never'. FCM guarantees best effort for messages with this lifespan. | From 0 to MAXINT | 0 |
Risk data configuration
A set of risk attributes can be collected for each operation.
The enabledRiskData property is used to configure MobileID's risk data feature for your application. This determines which attributes are collected and returned in the operation response. See table below for possible values.
How to configure risk data
You can update this parameter using the Update properties of application configuration endpoint in our MobileID Admin API.
Always collected risk data
Some risk data is always collected, for debugging purposes. This means that for enabledRiskData:
- If you leave this field empty (null), the always collected risk data will still be returned.
- If you specify risk attributes, the always collected risk data will be returned in addition to those you have specified.
You can find a list of what risk data is always enabled in the MobileID API reference documentation. See Risk attributes in the Common concepts section.
Location risk data
Location (location) is a risk data attribute that describes the location of the device used in the operation.
It is returned as its own object in the operation response instead of in the risk attributes (riskAttributes) object.
You can enable location risk data by adding the value location to the enabled risk data (enabledRiskData) in the application configuration.
Configurations
Property name | Description | Allowed values | Default value |
---|---|---|---|
enabledRiskData | Determines which risk data to collect. You can either: | Select specific attributes, given as a JSON array. In addition to location, see the Risk attributes in the Common concepts section of the MobileID API reference documentation for allowed values. Or leave this field empty (null). |