Onboard 3DS web domains

D1 SDK 4.0.0 and earlier: domain onboarding is required only for the platform authenticator.
D1 SDK 4.1.0 and later: domain onboarding is also required for the biometric authenticator (app-domain binding).

Domain onboarding creates a secure association between a web domain and your issuer application.

This association prevents unauthorized issuer applications from using your 3DS configuration.

Share the web domain with the Thales delivery team during D1 onboarding.

Platform authenticator

Android

Host assetlinks.json at:
https://<your-domain>/.well-known/assetlinks.json
Declare your issuer application association:
- package_name: your Android application ID (package name).
- sha256_cert_fingerprints: SHA-256 fingerprints of your signing certificate.

Generate the SHA-256 fingerprint using Java Keytool:

keytool -list -v -keystore my-release-key.keystore

You can declare multiple fingerprints on the issuer application.

Example assetlinks.json:

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "com.example.mybank",
      "sha256_cert_fingerprints": [
        "A4:D8:8F:E6:22:B2:43:C2:70:80:63:9A:28:0D:73:18:F5:0F:24:84:BE:D0:7D:71:28:24:1C:7C:8A:06:2D:C9"
      ]
    }
  }
]

Useful links:

iOS

Perform the following steps to onboard your domain:

Host apple-app-site-association at:
https://<your-domain>/.well-known/apple-app-site-association
Add the webcredentials service:

{
  "webcredentials": {
    "apps": ["ABCDE.com.company_name.app.demo"]
  }
}

The expected value is an appID in the <Application Identifier Prefix>.<Bundle Identifier> format.
This file may contain information pertaining to other services as well.

Enable the Associated Domains entitlement in your issuer application:

Useful links:

Biometric authenticator

This mandatory feature applies to D1 SDK 4.1.0 and later.

To associate a website with your app, you have to host the associated domain file on your website at at https://<your-domain>/.well-known/idcloud-site-links.

Example `idcloud-site-links`

This file format is similar to assetlinks.json (Android) and apple-app-site-association (iOS) files defined by Google and Apple respectively.

{
  "android": {
    "apps": [
      {
        "package_name": "com.example.mybank",
        "sha256_cert_fingerprints": [
          "A4:D8:8F:E6:22:B2:43:C2:70:80:63:9A:28:0D:73:18:F5:0F:24:84:BE:D0:7D:71:28:24:1C:7C:8A:06:2D:C9"
        ]
      }
    ]
  },
  "ios": {
    "webcredentials": {
      "apps": ["ABCDE.com.company_name.app.demo"]
    }
  }
}

Android: package_name must match your applicationId in build.gradle.
iOS: use the appID in <Application Identifier Prefix>.<Bundle Identifier> format.

PreviousInitial setup Next3. Initialization

Last updated 4 months ago

Was this helpful?