Secure counting REST APIs
After you've integrated secure counting in your iOS app, you can check the counts for devices server side. If you detect that a device has added too many cards for this device or logged in with too many different accounts, you can act on it appropriately (e.g., deny the transaction or challenge them with Card Verify). You can also increment counts for your iOS clients server-side for a more secure integration.
To access secure counts, you can use two API calls:
Get the current counts for a device. Note: we use POST because the DeviceCheck tokens can be large (4KB), but this request is idempotent.
curl -X POST "https://api.getbouncer.com/v1/secure_counting/test_vendorid"
-H "Content-Type: application/json"
-H "Authorization: Bearer API_KEY"
-d '{ "devicecheck_token": "test_devicecheck_token"}'
A SecureCount response JSON object
counts (Map[event: string, Map["count": int, "maximum": int]]) A map of events, each event has a current count and a maximum for the maximum value that this count can reach.
last_reset_at (string) ISO8601 format of the timestamp when we detected the last device factory reset or app uninstall.
Success
{
"counts": {
"cards_tokenized": {"count": 4, "maximum": 7},
"successful_logins": {"count": 2, "maximum": 11}
},
"last_reset_at": null
}
Invalid device check token If the DeviceCheck token failed Apple's basic validation we return an error
{
"failure_reasons": ["invalid_devicecheck_token"]
}
event (string) The event that you want to increment a count for
user_id (string) The userId for the current user
curl -X POST "https://api.getbouncer.com/v1/secure_counting/test_vendorid/increment"
-H "Content-Type: application/json"
-H "Authorization: Bearer API_KEY"
-d '{ "devicecheck_token": "test_devicecheck_token", "event": "card_tokenized", "user_id": "kingst"}'
A SecureCount response JSON object
counts (Map[event: string, Map["count": int, "maximum": int]]) A map of events, each event has a current count and a maximum for the maximum value that this count can reach.
last_reset_at (string) ISO8601 format of the timestamp when we detected the last device factory reset or app uninstall.
Success
{
"counts": {
"cards_tokenized": {"count": 5, "maximum": 7},
"successful_logins": {"count": 2, "maximum": 11}
},
"last_reset_at": "2019-10-23T00:48:07+0000"
}
Invalid device check token If the DeviceCheck token failed Apple's basic validation we return an error
{
"failure_reasons": ["invalid_devicecheck_token"]
}
Last modified 3yr ago