vzp.api
The SDK is designed to manage a single user identity. There is no explicit support for managing multiple identities. If your application supports multiple identities, you must take great care to avoid using the wrong key material.
create-sign-key-pairs
Why? Configure the key pairs used by the SDK. High stake and low stake key pairs will be generated internally for usage by the SDK. By default, the high stake key pair will be placed in StrongBox (Android) or the Secure Enclave (iOS). High stake SDK operations will need to use platform specific biometrics to gain permission to use the high stake private key for signing.
What? Configure the SDK high and low stake key pairs. iOS and Android have flags for configuring both the high and low stake key. Key pairs can be configured to require user presence, to require device unlock, and to be invalidated if biometric enrollment changes. See platform specific SDK documentation below.
When? This is the first step to do before attempting to use the SDK.
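The key properties described above map onto Android Keystore settings roughly as follows. This is an added example, not the SDK's own code: the aliases, function names and the exact mapping from SDK flags to Keystore calls are assumptions, and it targets API level 28 or later.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.ECGenParameterSpec

// Hypothetical aliases; the SDK's real alias names are not documented on this page.
const val HIGH_STAKE_ALIAS = "example.highstake.sign"
const val LOW_STAKE_ALIAS = "example.lowstake.sign"

// Builds a signing-only EC key spec. highStake switches on the per-use
// authentication gate and invalidation on biometric enrollment changes.
private fun signingSpec(alias: String, highStake: Boolean, strongBox: Boolean): KeyGenParameterSpec =
    KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUnlockedDeviceRequired(true)                 // key is unusable while the device is locked
        .setUserAuthenticationRequired(highStake)        // high stake: user must authenticate to sign
        .setInvalidatedByBiometricEnrollment(highStake)  // enrolling a new biometric invalidates the key
        .setIsStrongBoxBacked(strongBox)                 // request the dedicated secure element
        .build()

private fun generate(spec: KeyGenParameterSpec): KeyPair =
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()

/** Returns the high stake key pair and whether it actually lives in StrongBox. */
fun createHighStakeKey(): Pair<KeyPair, Boolean> =
    try {
        generate(signingSpec(HIGH_STAKE_ALIAS, highStake = true, strongBox = true)) to true
    } catch (e: StrongBoxUnavailableException) {
        // No StrongBox on this device: fall back to the default keystore
        // and report it so the caller can decide whether that is acceptable.
        generate(signingSpec(HIGH_STAKE_ALIAS, highStake = true, strongBox = false)) to false
    }

/** Low stake key: same algorithm, no authentication gate, default keystore. */
fun createLowStakeKey(): KeyPair =
    generate(signingSpec(LOW_STAKE_ALIAS, highStake = false, strongBox = false))
```

Generating the high stake key fails on a device with no secure lock screen or no enrolled biometric, so check for enrollment before calling it. An application that handles more than one identity would also need a separate alias per identity to avoid signing with the wrong key.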
complete-task
High stake operation.
Why? The endorseByPhoneNr function starts a micro-workflow during which the user being endorsed may accept or reject the key. Once the key is accepted, the current owner has to confirm that action. Only after the owner completes the "confirm" task does the target user receive the key.
What? Call completeTask with the task id and a boolean (true for accepting; false for rejecting the key).
When? You can receive PersonaTask by subscribing to events or by calling getPersonaTasks.
See the page [Exception Reference]() for exceptions related to this operation.
endorse-by-phone-nr
Endorse another user via phone number. For key share, it must be friend. Returns the persona.
enroll-with-jwt
Why? The enrollment provides the Digital Key platform with the user ID and cryptographic data. The platform will use this data to verify signed requests coming from this combination of user ID and device.
What? Enroll a user and their device on to the Digital Key platform:
- user data comes from the claims presented in the JWT
- device data is the public key of a cryptographic key pair that is generated by the SDK for this specific device
Note: As part of the integration with OpenAM we expect certain claims inside of the user token, specifically:
- phone_number
- phonenumberverified
When the user already exists, the new public key for this specific device will be enrolled for that user.
When? This is the first step for users in the activation or acquisition of a Digital Key.
get-access-data
Why? This function allows you to see which assets you have access to.
emit-events
SYNC2 subscribe helper
SYNC2 subscribe. Analogous to