Skip to content

Integration

Architecture overview

To access the XpressID service, Veridas will provide you with the following credentials:

  • XpressID_URL: This URL varies depending on the environment (sandbox: https://xpressid-web-work.eu.veri-das.com or production: https://xpressid-web.eu.veri-das.com), region, and other factors. Veridas will provide you with the appropriate URL based on your needs. Use this URL with the XpressID module for seamless integration.
  • XpressID_API_URL: This URL also varies depending on the environment and region (sandbox: https://api-work.eu.veri-das.com/xpressid or production: https://api.eu.veri-das.com/xpressid). It points directly to the XpressID application, specifically for the authentication API. Veridas will provide you with this URL as well.
  • API_KEY: This is a unique identifier for your client account. Keep this API key confidential and secure as it grants access to your XpressID services through the XpressID_API_URL.

To ensure compliance with Veridas' security protocols, clients must provide information regarding the server IPs where XpressID integration is planned. It's important to note that this security measure is exclusive to production environments and does not apply to the sandbox.

Achieving a functional integration of the XpressID service within a customer's infrastructure necessitates interaction with two key elements.

Authentication API

To obtain the access tokens necessary for the XpressID module, it is imperative that requests be initiated exclusively from your backend system. These requests should encompass your onboarding flow configuration. The API_KEY value is particularly crucial in this context. For enhanced security, it is strongly advised to implement precautionary measures, including incorporating a login step before accessing XpressID. Additionally, introducing a captcha step to mitigate potential abuse and enforcing a rate limit mechanism to prevent multiple requests from the same IP address are recommended practices.

Moreover, it is advisable to integrate Distributed Denial of Service (DDoS) mitigation measures to fortify the system against potential malicious attacks. These collective measures contribute to a robust security framework, safeguarding the XpressID integration and ensuring a secure and reliable operation of the service within your application's ecosystem.

XpressID Module

In this context, XpressID module is seamlessly integrated into the application as a library, using both the XpressID_URL and the ACCESS_TOKEN obtained during the authentication API step. The Android code for XpressID is designed for frontend implementation. However, to maintain security, refrain from including the API_KEY variable in the frontend. Manage the API_KEY exclusively within the backend, where robust security measures can be implemented to mitigate the risk of exposing confidential data through the frontend. A valid XpressID_URL and access token are essential for a successful launch, emphasizing the need for secure backend handling during the authentication process.


The recommended architecture of a solution with a native application using XpressID service should follow next diagram.

Alt

Interaction Description
1 The user logs in within your frontend application.
2 Your backend application requests a token from XpressID Auth API using the XpressID_API_URL and the API_KEY. You can check how the request is made here
3 XpressID Auth API returns the response for the token request.
4 Your backend application processes the response from the token request to return the ACCESS_TOKEN to your frontend application.
5 Your frontend application will use the XpressID_URL and the ACCESS_TOKEN to launch the XpressID Module. You can see how the module integration works here.
6 Module will notify your frontend application when the process is completed.

Module integration

The following steps present the preparations that must be made in order to use XpressID module within your Android application.
This subsection refers to the Your Frontend App (Native) block from the diagram above.

  1. Create a new Android project (or use an existing one).

  2. Add all XpressID-Android distributables (.aar/.jar) to the app/libs folder:

  3. Update app's build.gradle file to set the implementations of all .aar and .jar packages present in app/libs folder, adding next line:

    Groovy

      implementation fileTree(dir: 'libs', include: ['*.aar', '*.jar'])
    
    kts
      implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar","*.aar"))))
    

  4. Add the XpressID module dependencies to app's build.gradle file:

    Groovy

      implementation "com.github.bumptech.glide:glide:4.12.0"
      implementation "com.airbnb.android:lottie:6.0.0"
      implementation "com.google.android.gms:play-services-mlkit-face-detection:16.2.1"
      implementation "net.lingala.zip4j:zip4j:2.9.1"
      implementation "com.squareup.okhttp3:okhttp:4.10.0"
      implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.3.2"
      implementation "com.auth0.android:jwtdecode:2.0.1"
      implementation "androidx.legacy:legacy-support-v13:1.0.0"
    
    kts
      implementation ("com.github.bumptech.glide:glide:4.12.0")
      implementation ("com.airbnb.android:lottie:6.0.0")
      implementation ("com.google.android.gms:play-services-mlkit-face-detection:16.2.1")
      implementation ("net.lingala.zip4j:zip4j:2.9.1")
      implementation ("com.squareup.okhttp3:okhttp:4.10.0")
      implementation ("org.jetbrains.kotlinx:kotlinx-serialization-json:1.3.2")
      implementation ("com.auth0.android:jwtdecode:2.0.1")
      implementation ("androidx.legacy:legacy-support-v13:1.0.0")
    

  5. Update app's build.gradle dependency androidx.core:core-ktx to version 1.12.0.
    This will also require to set compileSdk 34.

  6. Add next block inside android section within app's build.gradle file:

    Groovy

      viewBinding {
        enabled = true
      }
    
    kts
      viewBinding {
        enable = true
      }
    

  7. Add largeHeap parameter into the AndroidManifest.xml as follows:

      <application
          android:largeHeap="true">
      </application>
    
  8. Add tools:replace parameter into the AndroidManifest.xml as follows:

      <application
          tools:replace="android:theme">
      </application>
    
  9. Implement the interface named XpressID.XpressIDDelegate.

  10. Call the module start method XpressID.start() using a valid XpressID_URL and access token. (See the integration example for more details).

Once the XpressID process completes or an error occurs, the callback method onXpressIDFinished() will be invoked by XpressID module; indicating whether the process has completed successfully or, on the contrary, there was an error.

Example: Module integration (Kotlin)

This example presents the minimal code you need to add to your Android application in order to run XpressID module and at this point you will need the XpressID_URL and a valid Access_Token.
This subsection refers to the steps 9 and 10 of the module integration section.

class MainActivity : XpressID.XpressIDDelegate, AppCompatActivity() {

    private val XPRESSID_URL = "Your XpressID_URL"
    private val ACCESS_TOKEN = "Your Access_Token"

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        try {
            XpressID.start(this, this, XPRESSID_URL, ACCESS_TOKEN)
        } catch (error: Exception) {
            println(error)
        }
    }

    override fun onXpressIDFinished(successfully: Boolean, error: XpressIDError?) {
        println("onXpressIDFinished | successfully: $successfully | error: ${error?.message}")
    }
}