Links

Secure counting REST APIs

After you've integrated secure counting in your iOS app, you can check the counts for devices server side. If you detect that a device has added too many cards for this device or logged in with too many different accounts, you can act on it appropriately (e.g., deny the transaction or challenge them with Card Verify). You can also increment counts for your iOS clients server-side for a more secure integration.
To access secure counts, you can use two API calls:

POST /v1/secure_counting/:vendor_id

Get the current counts for a device. Note: we use POST because the DeviceCheck tokens can be large (4KB), but this request is idempotent.

Request

Authentication required, Vendor ID from the iOS device for the path of the object.

Fields

devicecheck_token (string) The DeviceCheck token obtained from the iOS device.

Sample Request

curl -X POST "https://api.getbouncer.com/v1/secure_counting/test_vendorid"
-H "Content-Type: application/json"
-H "Authorization: Bearer API_KEY"
-d '{ "devicecheck_token": "test_devicecheck_token"}'

Response

A SecureCount response JSON object

SecureCount

counts (Map[event: string, Map["count": int, "maximum": int]]) A map of events, each event has a current count and a maximum for the maximum value that this count can reach.
last_reset_at (string) ISO8601 format of the timestamp when we detected the last device factory reset or app uninstall.

Response Examples

Success
{
"counts": {
"cards_tokenized": {"count": 4, "maximum": 7},
"successful_logins": {"count": 2, "maximum": 11}
},
"last_reset_at": null
}
Invalid device check token If the DeviceCheck token failed Apple's basic validation we return an error
{
"failure_reasons": ["invalid_devicecheck_token"]
}

POST /v1/secure_counting/:vendor_id/increment

Request

Authentication required, Vendor ID from the iOS device for the path of the object.

Fields

devicecheck_token (string) The DeviceCheck token obtained from the iOS device.
event (string) The event that you want to increment a count for
user_id (string) The userId for the current user

Sample Request

curl -X POST "https://api.getbouncer.com/v1/secure_counting/test_vendorid/increment"
-H "Content-Type: application/json"
-H "Authorization: Bearer API_KEY"
-d '{ "devicecheck_token": "test_devicecheck_token", "event": "card_tokenized", "user_id": "kingst"}'

Response

A SecureCount response JSON object

SecureCount

counts (Map[event: string, Map["count": int, "maximum": int]]) A map of events, each event has a current count and a maximum for the maximum value that this count can reach.
last_reset_at (string) ISO8601 format of the timestamp when we detected the last device factory reset or app uninstall.

Response Examples

Success
{
"counts": {
"cards_tokenized": {"count": 5, "maximum": 7},
"successful_logins": {"count": 2, "maximum": 11}
},
"last_reset_at": "2019-10-23T00:48:07+0000"
}
Invalid device check token If the DeviceCheck token failed Apple's basic validation we return an error
{
"failure_reasons": ["invalid_devicecheck_token"]
}
Last modified 2yr ago