API Key Rotation
The API keys that are used for SDK initialization may be rotated for security reasons. Please use the Incode dashboard to revoke keys and generate new ones.
Once an API key is revoked from the dashboard, all currently ongoing onboarding sessions that were using that API key will be aborted and the onError(Throwable) method on the IncodeWelcome.OnboardingListener() will get called.
This is the place where you should handle replacing the API key.
override fun onError(error: Throwable?) {
if (error is ApiKeyRotationException) {
// Your logic for the rotation of the key
}
}
@Override
public void onError(Throwable error) {
if (error instanceof ApiKeyRotationException) {
// Your logic for the rotation of the key
}
}
func onError(_ error: IncdFlowError) {
if error == .apiKeyRevoked(let apiKey) { // asociated value is the revoked api key
// Your logic for the rotation of the key
}
}
When a new API key has been obtained, the SDK should be reinitialized as such:
IncodeWelcome.Builder(application, apiUrl, apiKeyRotatedIn)
... // optional configuration
.build()
// SDK has been reinitialized successfully
new IncodeWelcome.Builder(getApplication(), apiUrl, apiKeyRotatedIn)
... // optional configuration
.build();
// SDK has been reinitialized successfully
IncdOnboardingManager.shared.initIncdOnboarding(url: url, apiKey: newApiKey) { (success, _) in
// SDK has been reinitialized successfully
}
Once the SDK has been reinitialized successfully, the old session can be restarted, or you can start a completely new onboarding session.
Updated 4 months ago