Authorization for Online SDKs

The online SDKs function by communicating with the SenseCrypt server using an end-to-end encrypted protocol.

There are two methods available for authorization:

1. Mobile API Key - Configured in the app source code constants, this is the easiest method during development. Correspondingly, the mobile key is configured on the server as we saw in the server's Configuration section.

2. JWT Token - A JWT token mechanism allows you to use your own authorization mechanism. To use a device specific JWT, follow the following steps:

   1. Get the device ID by calling getDeviceId() from the mobile SDK.

   2. Pass the device ID along with authentication parameters (such as username/password) to your own application server.

   3. If authentication succeeds, make a server-to-server call from your application server to your SenseCrypt server's /gen-jwt end-point passing in the device ID as the instance_id. See the Using a JWT Token for Authorization section for more details. The server-to-server call can be authorized using the api_key that you defined in the Configuration section.

   4. Return the generated JWT token to the mobile device.

   5. Store the JWT token on the device for future use.

   6. When initializing the mobile SDK, pass the server URL along with Bearer your_jwt_token as the authentication parameter.

By default, the source code uses the Mobile API Key configured in the code constants. Since a JWT flow involves your own authentication, implementing such a flow is left to you. However, the mobile SDKs do support such a flow out of the box should you choose to implement it.