SDK & Integration
| Question | Answer |
|---|---|
| Can mobile apps access SDK directly instead of through backend proxy? | No. The production environment only accepts requests from whitelisted IP addresses. Mobile and web apps have dynamic IPs that cannot be whitelisted. All SDK calls must be routed through your whitelisted backend servers. |
| Why are SDK buttons not clickable/unresponsive on Android? | Android’s tapjacking protection blocks user interactions when screen overlays are detected. Before launching the SDK, ensure all overlays are hidden — this includes chat heads, floating widgets, screen recording indicators, and any other overlay elements. |
| Why am I getting a 403 Forbidden error when accessing the SDK? | The SDK is only accessible from whitelisted IP addresses. Ensure your server’s IP address has been added to the whitelist and contact your account manager to verify or add IP addresses. |
SDK Customization & User Journey
| Question | Answer |
|---|---|
| Can the consent screen be skipped? | Yes, by toggling a parameter at the Create Journey API level (not within the SDK itself). This takes customers directly to the camera invocation screen. |
| Can the post-camera screens (uploading image and verification result) be skipped? | Yes, using parameters skipSuccessPage and skipResultPage in the Create Journey API. The SDK will redirect back to the bank’s app immediately after camera capture. |
| Can the logo be customized in the SDK? | Yes, the SDK allows changing the logo URL externally. The logo must be hosted on a public HTTPS URL. |
| Can the logo be hardcoded internally for individual banks? | No, the SDK does not support hardcoding logos internally for individual banks. |
| What theme and color customization options are available? | The SDK supports toggling between light and dark themes (changes entire background including pop-ups). Accent colors like button backgrounds can be changed. |
| Can font styles, font colors, and background colors be customized? | No, font styles, font colors, and certain background colors (such as the white card background) cannot be customized. |
Failure Handling & Blocking
| Question | Answer |
|---|---|
| What is the blocking mechanism for repeated failure attempts? | After 5 verification failures in a calendar day, ICP will block the user for 2 hours to prevent abuse. |
| Can banks customize/control the blocking parameters? | Currently no. ICP controls the core blocking rules and durations. Future configurability is being explored. |
| Do abandoned journeys (user cancellations) count as failures? | No, user journey cancellations (abandoned journeys) do not count as failures and are not restricted. |
| Does the SDK return specific error codes for timeouts and expired sessions? | Yes, the SDK returns specific error codes for conditions like timeouts and expired sessions. See Error Codes for details. |
| What provisions exist for fallback flows in case of SDK failures? | The error codes enable the bank’s app to detect failures and show appropriate messages or fallback authentication steps. |
SDK Integration & Version Management
| Question | Answer |
|---|---|
| Is SSL pinning required for SDK integration? | No, SSL pinning will be deprecated and removed. Skip it now to avoid rework. |
| What are the mandatory SDK initialization parameters? | Domain (FQDN) is mandatory. Other parameters are optional and allow null values for deprecated fields. |
| Will SDK upgrades require code changes? | No, SDK upgrades are designed to be non-breaking, requiring only version number updates unless explicitly communicated. |
| How will we receive SDK version updates and repository access? | Maven repository credentials and SDK version numbers will be shared promptly. Notifications for new releases will be communicated. |