Cotter's Android SDK helps you easily add a Biometric prompt or PIN fallback to your app. This is useful for protecting transactions or sensitive information like medical records.
There are major updates planned for this feature. Contact us in Slack so we can help you prepare for it.
Overview
Enabling PIN and Biometric using Cotter's Android SDK consists of:
Initializing Cotter
Calling functions to start Pin Enrollment and Biometric Enrollment
Verify Biometric or PIN before a transaction
Enabling and disabling Biometric or PIN in Settings
You can now use the SDK to enroll and verify Biometric and PIN for the user you just created.
Initialize
In your MainActivity, initialize Cotter with API keys, Cotter's URL to use (prod/test), and your User ID.
Production Endpoint: https://www.cotter.app/api/v0
Example:
Step 5: Enroll Biometric and PIN
to enroll both Biometric and PIN, start the PinEnrollment flow in your Activity, pass in the Callback Screen, and the Event Tag. Event Tag is used for your own logging, for example, a pin enrollment event can be called "PIN_ENROLLMENT_ANDROID" to tag a pin enrollment event from an Android device.
Example:
How PinEnrollment looks like
After entering the PIN, the user will automatically be prompted to Enroll Biometrics if the device supports it. Entering a PIN is required as a fallback method.
PinEnrollment Flow
Step 6: Verify Biometrics on Transactions
The PinVerification flow will automatically prompt for Biometric Verification if the user's device has an enrolled biometric, otherwise, it will fallback to entering PIN. Starting the PinVerification flow is exactly the same as starting the PinEnrollment flow.
In the verification page, there is a button called Forgot PIN . This is used to send a verification code to allow the user to reset their PIN.
setOnResetPin is used to set a callback function that will be called to reset the pin. You need to provide a function that follows the PinResetInterface. This function should call your server to initiate the PIN reset request.
When your onResetPin function is called, it should call your server, and your server needs to do the following:
Based on the currently logged-in user, find out the user's Email and name
Call Cotter's Reset PIN API to send the pin reset code
Receive the response from Cotter which contains the fields success, challenge_id, challenge
Call the callback.onSuccess with a JSONObject containing the following JSON object:
Example:
Reset PIN functionality is an update that is available starting from version 0.4.5
// Inside your app, use a button onClick that calls
// openEnroll to start the flow
public void openEnrollment(View view) {
Cotter.PinEnrollment.startFlow(view, Dashboard.class, "PIN_BIO_ENROLLMENT");
}
{
"success": true, // from the response from the Reset PIN API
"challenge_id": 123, // from the response from the Reset PIN API
"challenge": "abcde12345", // from the response from the Reset PIN API
"sending_method": "EMAIL",
"sending_destination": "[email protected]"
}
// In onCreate, set the onResetPin callback
protected void onCreate(Bundle savedInstanceState) {
Cotter.setOnResetPin(new PinResetInterface() {
@Override
public void onResetPin(User user, Callback callback) {
// 1. Call your server
// 2. Get the response from your server
// 3. Construct a JSONObject and pass it to callback.onSuccess
JSONObject req = new JSONObject();
try {
req.put("success", response.getBoolean("success"));
req.put("challenge_id", response.getInt("challenge_id"));
req.put("challenge", response.getString("challenge"));
req.put("sending_method", sendingMethod);
req.put("sending_destination", sendingDestination);
} catch (Exception e) {
callback.onError(e.toString());
}
callback.onSuccess(req);
}
});
}
// Inside your app, use a button onClick that calls
// openPinVerification to start the flow
public void openPinVerification(View view) {
Cotter.PinVerification.startFlow(view, Dashboard.class, "LOGIN");
}
