Learn how to implement Dateio Platform SDK quickly and easily

Bank backend is needed for security and monitoring reasons. Bank mobile apps are usually using a token (e.g. JWT) linked to individual client. This token should not be exposed to a 3rd party, since it could be theoretically exploited to act on client behalf.

Dateio and Bank also need a common X-client-id to identify the client across API calls, cards linked to client, transactions, and cashback payout. Dateio is not able to extract this client id from the bank mobile app token. Also, bank might want to monitor traffic or requests that SDK perform.

You can find more informations about Bank backend in this section.

User is identificated by token, which you will pass to SDK configuration. SDK sets it as a requests header. Then you need map this token to Client ID on Bank BE and send it to Dateio. Detailed flow is shown and described in this section.

SDK support also short lived tokens if token refreshment is needed via Configuration.setRefreshAuthHeadersCallback on Android and DateioSdkApiConfiguration protocol for iOS.

No. You should pass all necessary headers directly into SDK via Configuration. Rest assured that SDK don't send these request to any 3rd party - nor to monitoring tools, nor to Dateio only to your Bank backend that you configurated. When Bank backend receive request from SDK it is desirable to strip all sensitive headers that these headers might contain and then send request to Dateio API.

Before user enters into SDK and can see offers, you have to get client consent and register him to Dateio API. SDK contains functions for notifying Dateio about client registration and deregistration. Nevertheless you should keep stored these consents on bank side too. As there most likely will be regulatory compliance for it. For more informations see this section. SDK does not contain these screens since regulatory requirements may vary greatly per bank country or bank size.

Common errors might be:

• On Android you get Duplicate classes between kotlin-stdlib and kotlin-stdlib-jdk8. Caused by Paging Compose 3.2.1+ and fact that you use Kotlin 1.7.0. If you get this errror make sure you added constraints as described here.
• On Android you forgot to add ProGuard rules as described in this section.
• You can't connect to Bank BE - check that you propperly set Bank BE URL via Configuration.api.urlHost, you have allowed methods GET, POST and DELETE on Bank BE and that you use HTTPS. For security reasons, plain HTTP is not supported even for development. Also check typos in SSL pinning.
• You can connect to Bank BE, but you get 401 - make sure, that you propperly set user token via Configuration.setCustomHttpRequestHeaders or Configuration.setRefreshAuthHeadersCallback. Also, check that you have propper mapping token → X-client-id on Bank BE, you set it to header X-client-id on Bank BE and that you are able to call Dateio API from it.

You might use method DateioSdkApiConfiguration.sslPins from SDK for iOS or Configuration.sslPins for Android. On Android you also might use system settings via android:networkSecurityConfig. Limited to min. Android version API 24.

For Android it is Android API 23 for iOS 14.0.

You might change texts inside SDK without the need for a new build. On Android you might change texts inside strings.xml or similar file. For more informations see this section.

In iOS you might change texts via configuration file which implement protocol DateioSdkLocalizationConfiguration. For more informations see this section.

Please inform us about changes that you made so we can synchronize it in next release also on Dateio side.

Monitoring (e.g. Firebase Crashlytics, Dynatrace, or any other) should be already present in bank application for both platforms. Dateio should receive access to existing monitoring solution to ensure crash free user experience and help to resolve bugs. Access for Dateio might be restricted just to SDK part if possible.

Dateio very strongly recommends usage monitoring tool on the bank side as this solution ensure that no undesirable sensitive client data will be send to 3rd party. Bank audit could flag the absence of monitoring tool as undesirable.

Other option is report crashes manually to sdk-reports@dateio.eu. Nevertheless due to high manual intensity, this should be backup option. For more informations see this section.

It is application/json; charset=utf-8.
We use it even for dynamic images, e.g. user voucher QR or EAN codes. The byte array is encoded inside JSON.

Static images (e.g. offers images) are stored in AWS. If your application block resources that are not white listed, add these domains to your whitelist:

• files.node-uat.dateio.cz.s3.eu-central-1.amazonaws.com
• files.node-prod.dateio.cz.s3.eu-central-1.amazonaws.com

Dateio does not require regular updates since our API is versioned, so backwards compatibility is ensured. Only time when Dateio would require SDK update is when you have implemented version with significant error that prevent program usage or contain high level and above security issue. Other updates are on bank consideration, however updates are recommended to gain newest features and fixes.