Request Filtering for mobile apps

A Public API Key is required to make identification requests from either your iOS or Android app. Using reverse engineering and other techniques, a malicious actor could extract the API key from your app and use it to make identification requests that will be billed to your account.

Use Request Filtering to prevent unauthorized use of your public API key. You can specify which mobile apps are authorized to make identification requests using your API keys. Requests from other applications will be blocked and will not be billed.

ℹ️ Available only from Android SDK v2.4.0+ and iOS SDK v2.4.0+

Create Request Filtering rules

You can create Request Filtering rules from your dashboard by specifying the package names (Android) or bundle IDs (iOS) of the respective mobile apps.

  1. From your dashboard, go to App Settings > Request Filtering > Mobile Apps
  2. Select CONFIGURE.
  3. Choose the Default behavior:
    1. Allow all except the ones listed below: Fingerprint will block the specified apps from making identification requests. Requests from all other apps will be allowed.
    2. Forbid all except the ones listed below: Fingerprint will allow only the specified apps to make identification requests. Requests from all other apps will be blocked.
  4. Specify the package names or bundle IDs of the respective apps. Wildcards are accepted.
  5. Click Save.
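
A small model for checking a planned rule list against your own app identifiers before saving it, added here as an example and not Fingerprint's code. It assumes `*` matches any run of characters and that matching is case-sensitive (the page only says wildcards are accepted); the function names and sample identifiers are hypothetical.

```python
import re

ALLOW_ALL_EXCEPT = "allow_all_except"    # listed apps are blocked
FORBID_ALL_EXCEPT = "forbid_all_except"  # only listed apps are allowed


def _matches(pattern: str, app_id: str) -> bool:
    # Assumption: "*" matches any run of characters (dots included) and
    # matching is case-sensitive. The page only says wildcards are accepted.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, app_id) is not None


def is_authorized(default_behavior: str, listed: list, app_id: str) -> bool:
    """Return True if a request from app_id would be allowed under the rules."""
    if default_behavior not in (ALLOW_ALL_EXCEPT, FORBID_ALL_EXCEPT):
        raise ValueError(f"unknown default behavior: {default_behavior}")
    hit = any(_matches(p, app_id) for p in listed)
    return hit if default_behavior == FORBID_ALL_EXCEPT else not hit


def review_rules(default_behavior, listed, own_apps, foreign_apps):
    """Report own builds that would be blocked and foreign apps that would pass."""
    return {
        "own_blocked": [a for a in own_apps
                        if not is_authorized(default_behavior, listed, a)],
        "foreign_allowed": [a for a in foreign_apps
                            if is_authorized(default_behavior, listed, a)],
    }


# Constructed sample identifiers, not taken from the page.
OWN_APPS = ["com.example.shop", "com.example.shop.debug", "com.example.shop.ios"]
FOREIGN_APPS = ["org.repackaged.shop", "com.example.shopclone"]

if __name__ == "__main__":
    candidates = (
        ["com.example.shop"],                        # misses build variants
        ["com.example.shop*"],                       # too broad under the assumed matching
        ["com.example.shop", "com.example.shop.*"],  # exact ID plus dotted variants
    )
    for listed in candidates:
        print(listed, review_rules(FORBID_ALL_EXCEPT, listed, OWN_APPS, FOREIGN_APPS))
```
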

Unauthorized Identification Requests

With Request Filtering rules in place, when unauthorized apps make identification requests using your API key:

  • These apps will receive a PackageNotAuthorized error.
  • You will not be billed for these unauthorized identification requests.
  • Your API allowance will remain unaffected.

See Also

  • For more information on handling errors when using Fingerprint SDK for Android, see Handling errors.
  • For more information on handling errors when using Fingerprint SDK for iOS, see Handling errors.