device SDK

Introduction

The Device SDK is designed to prevent cheating from non-BitBoy devices. When used in conjunction with backend device verification services, it can verify whether the source is a legitimate BitBoy device, thereby ensuring a trusted dApp running environment and maintaining the security of the ecosystem.

Main Features

  • Device SDK signs device information

  • Device Verify validates signatures

Main Steps

Process diagram for dAPP to verify that a device request is trusted

Step Description

  1. When a dApp needs to verify if the device is a genuine BitBoy device (such as preventing requests from virtual machines or maliciously forged requests from non-BitBoy terminals), call the integrated device SDK in the dApp to obtain device signature and other information;

  2. When sending requests, the dApp can include the device signature information obtained in step 1 and send it to the business backend server (maintained by developers);

  3. The business backend server constructs specific requests and calls the BitBoy Device Verification Service API to obtain verification results.

These steps are only necessary when device identity verification is required (to avoid resource waste and occupation, the BitBoy Device Verification Service has call limitations and should not be called arbitrarily. It is recommended to use it only during necessary business processes).

Detailed Instructions

Usage Guide

  1. Apply and obtain app_key from the BitBoy Developer Application Management Console.

  2. Initialize SDK

Before using the SDK, you need to obtain an APP_KEY from the Developer Console. This is your application's unique identifier.

//sample code
BitboySDK sdk = new BitboySDK(context, "YOUR_APP_KEY");

  1. Generate Signature

When signature operation is needed, call the SDK's signing method:

//sample code
String signature = sdk.signMessage();

This method will return a signature string containing all necessary information.

Signatures cannot be reused. A new signature must be generated each time verification is required.

  1. Sending Signature to Verification Server

When sending requests to the BitBoy server, add the signature to the request header:

// sample code
HttpURLConnection connection = (HttpURLConnection) url.openConnection(); 
connection.setRequestProperty("message", signature); 
connection.setRequestProperty("sign", sdk.getSignature());

Please refer to the code example of Device SDK integration using React Native as an example

Important Notes

  • Please keep your APP_KEY secure and do not expose it or hard-code it in your application.

  • The signature verification service has usage limits and doesn't need to be called every time. Avoid frequent calls - it's recommended to use it only when necessary or cache results for a certain period.

  • The signature result includes timestamp information to prevent replay attacks. Please ensure to use the generated signature promptly.

Error Handling

The SDK may throw the following exceptions:

  • InvalidAppKeyException: Thrown when the provided app_key is invalid.

  • SignatureFailedException: Thrown when the signature process fails. Please ensure proper handling of these exceptions when using the SDK.

Support

If you encounter any issues while using the SDK, please contact the BitBoy Developer Support Team.

PreviousSDKsNextExample: React Native Integration with Device SDK

Last updated