Before initializing the SDK, you need to decide on an authorization method.
The web SDK offers two methods of authorization.
The first, most preferred and most secure method is to implement the authorization step in your backend solution and then provide the token to the front-end web SDK component. This is the Token Method.
The second method is to allow the web SDK to execute authorization from the UI. This is the API Key Method.
Warning: The API Key Method is extremely unsecure and is not recommended for production environments.
Contrary to what the name implies, you will still require an API key for this approach. The only difference is that the web SDK will never directly make use of the API key and will instead only receive a token.
Sybrin will provide you with an orchestration API endpoint, along with a personalized API key (If you have not received this, please contact us).
To use this method:
Excute a POST call to the authorization endpoint provided to you by Sybrin, adding your API key to an apiKey header on the request. The response will include a token (AuthToken property).
Provide the token returned from the API request to your front-end solution.
Set the token on the authToken property of your Sybrin.Biometrics.Options instance.
This method is much simpler, but also much less secure.
To use this approach:
Set the API key provided to you by Sybrin on the apiKey property of your Sybrin.Biometrics.Options instance.
Set the authorization endpoint provided to you by Sybrin on the authEndpoint property of your Sybrin.Biometrics.Options instance.
This is the preferred approach.
Please follow the steps described here. The JavaScript API may then be initialized as follows:
This approach is not secure and is not recommended for production environments.
Please follow the steps described here. The JavaScript API may then be initialized as follows: