Skip to main content

Overview

This guide provides instructions for configuring SDK signing in the Apptrove iOS SDK to enhance the security of your integration. SDK signing authenticates API requests with a secretId and secretKey, ensuring that tracking data (e.g., installs, events) is securely attributed to your app and protected against unauthorized access.

Prerequisites

  • iOS 10.0 or later and Xcode 12.0 or later
  • Access to the Trackier Panel to retrieve secretId and secretKey
  • Basic knowledge of Swift and secure credential management

SDK Signing

SDK signing enhances the security of your Apptrove iOS SDK integration by authenticating API requests with a unique secretId and secretKey. This ensures that only legitimate data from your app is processed, preventing fraudulent attribution and unauthorized access.

Overview

  • Purpose: Authenticate SDK requests to Trackier's servers using unique credentials.
  • Benefits: Prevents spoofing, secures attribution, and protects API requests from unauthorized sources.

Step 1: Retrieve secretId and secretKey

  1. Log in to your Trackier Panel and select your application.
  2. In the Dashboard, click the three dots in the left bottom corner.
  3. Locate the SDK Key section and click on the Advanced tab to generate the credentials.
  4. Click the Add secret key button to generate the secretId and secretKey.
note

Refer to the screenshot in the Trackier Panel for visual reference when generating credentials.

Step 2: Configure SDK Signing

Set the secretId and secretKey in the TrackierSDKConfig during SDK initialization to enable SDK signing.

Swift Example

AppDelegate.swift
let config = TrackierSDKConfig(appToken: "xx-182a-4584-aca3-xx", env: TrackierSDKConfig.ENV_PRODUCTION)
config.setAppSecret(secretId: "xxxx", secretKey: "xxx-xx")
TrackierSDK.initialize(config: config)

Parameters

  • appToken: Your SDK key from the Trackier Panel.
  • env: Environment setting (ENV_DEVELOPMENT, ENV_TESTING, or ENV_PRODUCTION).
  • secretId: The unique identifier for SDK signing.
  • secretKey: The secret key paired with the secretId for authentication.

Best Practices

  • Keep Credentials Confidential: Never expose secretId or secretKey in client-side code or version control.
  • Use Secure Storage: Store credentials in iOS Keychain to prevent unauthorized access.
  • Rotate Keys Periodically: Regenerate the secretKey in the Trackier Panel if compromised or as a routine security measure.
  • Test in Development Mode: Use ENV_TESTING or ENV_DEVELOPMENT to validate SDK signing before deploying to production.

Troubleshooting

  • Authentication Failures: Verify that the secretId and secretKey match those generated in the Trackier Panel.
  • Tracking Data Rejected: Ensure setAppSecret is called before TrackierSDK.initialize and credentials are correctly set.
  • Exposed Credentials: If credentials are compromised, regenerate the secretKey immediately and update your app.

For further assistance, refer to the Trackier Documentation Portal or contact Trackier support at support@trackier.com.