# Core operations
Page contents
# Introduction
On this page, you can learn about the different core operations that you can make with the SDK.
The activate and authentication processes are divided into multiple steps, which are performed as individual method calls on a controller.
Most calls are asynchronous, and the application is required to provide a block of code to be executed once each call has finished.
# Activation
# Overview
Activation is the first thing that your application will guide your end-user through when using Encap.
This process creates a link between your end-user’s device and the Encap authentication server. This will later be used to establish trust.
To activate the end-user’s device, your application will invoke three methods on the Controller
in succession. The process is as follows:
- Optional: Retrieve settings from the Encap server, such as activation code length and type.
- Register the end-user's device on Encap server. The Encap server will then pass information back which the API will use to establish trust.
- Activate the registration, using a selected authentication method and the information that was passed back in the previous step.
Note
Following these steps, the registration can now be used to authenticate the end-user that created it.
# How to implement
# Retrieve settings from Encap server (optional)
To begin the process, you can invoke loadConfig()
.
Note
It will return a LoadConfigResult object with information about the activation code length and type, so that the app can present the right keyboard and UI to be input.
Although this call is optional, it can can improve the end-user’s experience.
# Register the end-user's device on the Encap server
- Run the
startActivation()
operation. - If the
startActivation()
operation is successful, then aStartActivationResult
object is returned. This containsgetAuthMethodsForActivation()
, which is a list of authentication methods (AuthMethod
) available for the device.- The list of authentication methods is filtered so that only those configured for this
applicationId
and enabled on the device are returned. - If more than one method is available, your app may let the end-user choose what authentication method to use.
- The list of authentication methods is filtered so that only those configured for this
# Activate the the registration
Once the startActivation()
operation has been completed successfully, you can finish the process. To do this, run the finishActivation()
operation with the desired authentication method.
Use the correct type of ActivationParameter
for the authentication method, and fill in the required data.
Explore supported authentication methods
For supported authentication methods and additional details, see the Authentication methods page in our Encap SDK developer documentation.
Note
The device as an authentication method (AuthMethod.DEVICE
) will always be activated when activating a two-factor authentication method, such as PIN code and Biometric Prompt.
Example: How an activation could look like
// The activation code should come from another source, such as a web page.
controller.startActivation(activationCode, new AsyncCallback<StartActivationResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final StartActivationResult result) {
// Ready to continue to finishActivate. See result on how to proceed.
ActivationParameter activationParameter = new ActivationParameter(); // Use the right type here for the auth method you want.
controller.finishActivation(activationParameter, new AsyncCallback<FinishActivationResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final FinishActivationResult result) {
// The auth method is activated.
}
});
}
});
# Fetch the registrationId
After a successful activation, the registrationId
is stored on the controller.
Example: Fetch the registrationId
controller.getRegistrationId()
Note
The registrationId
is the same as the deviceId
and device_id
which is used in the REST APIs.
# Authentication
# Overview
Authentication is a process used to prove that the current end-user is the same as the one who performed the initial activation.
To authenticate the end-user, your application will invoke two methods on the Controller
in succession. The process is as follows:
- Identify who your end-user claims to be to the Encap server.
- The Encap server sends a challenge to the client API and a response is calculated.
- If the authentication succeeds, then the Encap server has indicated trust that you are interacting with the correct end-user.
# How to perform an authentication
# Start the authentication
To begin the process, you need to run the startAuthentication()
operation.
If the startAuthentication()
operation is successful, then a StartAuthenticationResult
object is returned. This has the following methods:
Method | Description |
---|---|
getAuthMethodsForAuthentication() | A list of authentication methods that you can use for this operation. The list of authentication methods is filtered so that only those configured for this applicationID , enabled on the device and activated are returned. |
getServerConfiguredAuthMethods() | A list of authentication methods configured in the applicationId .This list is not filtered based on the capabilities of the mobile device, nor on what authentication methods are activated. Example: You could use this to see if the mobile device has forgotten to add Fingerprint. |
# Finish the authentication
- Once the
startAuthentication
operation has been completed successfully, you can finish the process by running thefinishAuthentication()
operation.- You have to pass in the desired
AuthParameter
for one of the authentication methods returned fromgetAuthMethodsForAuthentication()
.
- You have to pass in the desired
- If the authentication operation is successful, then a
FinishAuthenticationResult
object is returned.
Example: How an authentication could look like
controller.startAuthentication(new AsyncCallback<StartAuthenticationResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final StartAuthenticationResult result) {
// Ready to continue to finishAuthenticate. See result on how to proceed.
AuthParameter authParameter = new AuthParameter(); // Use the right type here for the auth method you want.
controller.finishAuthentication(authParameter, new AsyncCallback<FinishAuthenticationResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final FinishAuthenticationResult result) {
// Successfully authenticated with auth method.
}
});
}
});
# Add or update
# Overview
The addOrUpdate
operation enables you to:
- Add (activate) another authentication method to an existing registration.
- Update an existing authentication method using the same authentication method. This is a special use case for updating the PIN code.
# Example use case
Your end-user wants add another authentication method to their existing registration. For example, they want to activate both the PIN code and the Biometrics authentication methods.
To do this, you could:
Activate the first authentication method (PIN code) as described in the PIN code activation section on our Authentication methods page.
Activate the second authentication method (Biometrics) from within your app using the
addOrUpdate
operation.
# How to implement
# Add another authentication to an existing registration
- Activate the PIN code as described in the PIN code activation section on our Authentication methods page.
- The end-user activates Biometrics in your app by calling
startAddOrUpdate
. - If the operation is successful, then a
StartAddOrUpdateResult
object is returned, similar to the result from theStartAuthentication()
operation. - Use the
getAllowedAuthMethodsToActivate()
parameter to select which authentication method to add, and look atgetAllowedAuthMethodsForAuthentication
to find an authentication method that is supported for authenticating in this case. - Once the start call has been successfully executed, call
finishAddOrUpdate
with theAuthParameter
for the authentication method that you want to authenticate with, and theActivationParameter
for the authentication method you want to activate.
Find activation and authentication parameters
To find the right activation parameters (ActivationParameter
) and authentication parameters (AuthenticationParameter
), see the Authentication methods page in our Encap SDK developer documentation.
- Upon a successful result, the new authentication method has now been activated and is ready to be used to authenticate the end-user.
Note
A single-factor authentication method cannot be used to add a two-factor authentication method.
You need to configure on the server which two-factor authentication methods can be used to add other two-factor authentication methods.
Other use cases
Another common use case is to update the end-user’s PIN code. You can read more about this in the Add or update (change PIN code) section on our Authentication methods page.
Example: How an add or update could look like
controller.startAddOrUpdate(null, new AsyncCallback<StartAddOrUpdateResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final StartAddOrUpdateResult result) {
// Ready to continue to finishAuthenticate. See result on how to proceed.
AuthParameter authParameter = new AuthParameter(); // Use the right type here for the auth method you want.
ActivationParameter activationParameter = new ActivationParameter(); // Use the right type here for the auth method you want.
controller.finishAddOrUpdate(authParameter, activationParameter, new AsyncStateChangedCallback<FinishAuthenticationResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final FinishAuthenticationResult result) {
// Successfully added auth method to registration.
}
public void onStateChanged(EncapController.State state) {
// Possibility to update UI.
}
});
}
});
# Deactivate
# Overview
The Controller
provides two different deactivation methods.
- Deactivate all authentication methods. This could be useful if:
- Your end-user no longer wants to have an account in your app and wants their data deleted.
- Deactivate a specified authentication method. This could be useful if:
- Your end-user no longer wants to use Biometrics. Your app could then allow the end-user to deactivate that authentication method.
- Your app no longer wants to support an authentication method. Your app could then call deactivate on that authentication method method.
Note: Typically, you may consider to rewrite the app instead, so that this does not end up in the flow.
You may require deactivation or reactivation if the end-user forgets the PIN code from their first activation. The scenario will then be identical to that of a first time activation.
# How to implement
# Deactivate the registration
Run the deactivate method to delete all registration data for the given registration, including all of the authentication methods.
- If the
localOnly
parameter is set to false, then the registration is removed both from the Encap server and locally. - If the
localOnly
parameter is set to true, then the registration will only be removed locally.
Our recommendation
It is advised to always try to deactivate towards the server.
If the server is down or an other abnormality prevents you from deactivating towards the server, you can perform a local deactivation as a fallback.
Example: How to deactivate the registration
final boolean deactivateOnlyLocally = false;
controller.deactivate(deactivateOnlyLocally, new AsyncCallback<DeactivateResult>() {
public void onFailure(final ErrorCodeException exception) {
// Handle the failure.
}
public void onSuccess(final DeactivateResult result) {
// Successfully deactivated.
}
});
# Deactivate a specified authentication method
- Run the
deactivate(AuthMethod,...)
method to deactivate a specific authentication method. The registration will stay intact. - The specified authentication method (
authMethod
) is removed both from the Encap server and locally.
Limitations
The device as an authentication method (AuthMethod.DEVICE
) is used for authentication towards the server, and cannot be deactivated by this method.
Example: How to deactivate a specified authentication method
controller.deactivate(AuthMethod.DEVICE_PIN, new AsyncCallback<DeactivateResult>() {
@Override
public void onFailure(@NonNull ErrorCodeException errorCodeException) {
// Handle the failure.
}
@Override
public void onSuccess(@NonNull DeactivateResult result) {
// Successfully deactivated.
}
});
# Cancel session
# Overview
You can use the cancelSession
operation to cancel the activation or authentication session on the server.
For example, you could use this when the client has been notified of a new transaction, but the user rejects it by pressing the cancel button.
# How to implement
- Run the
cancelSession()
operation. - The current activation or authentication session will now be cancelled on the server.
Example: How to cancel a session
controller.cancelSession(new AsyncCallback<CancelSessionResult>() {
@Override
public void onFailure(@NonNull ErrorCodeException errorCodeException) {
// Handle the failure.
}
@Override
public void onSuccess(@NonNull CancelSessionResult result) {
// Successfully deactivated.
}
});