SDK Integration
Start building your Fasstap™ integration.
SDK Integration
Start building your Fasstap™ integration.
The Fasstap™ SDK has to be integrated with third party application in order to initiate a transaction and this section describes the flow details in each step.
Setup Flow
There are some preliminary setup steps must be carried out before utilizing Fasstap™ SDK. Please perform the following steps in sequence:
- Client has to exchange the public PGP key with Soft Space.
- Client has to provide Soft Space the application's application ID by protecting it with PGP. We will be registering the application into the attestation service to make the application recognizable when the application performs attestation. Please note that altering the application ID upon registration will result in attestation failure, or SDK crashing.
- Client has to provide Soft Space the Fasstap™ app's signing keystore's public key. This key must be the same key that
will be used to sign the application before uploading to the Google Play Store. The following command can be used to
extract the public key:keytool -export -keystore path/to/keystore.keystore -alias yourAlias -rfc -file path/to/export.cert
 And upon extraction, the key shall be protected by PGP and send to Soft Space.
- Soft Space will be providing the SDK configurations, which they will be protected by using the PGP key that Soft Space has shared.
- Include Soft Space’s Maven repository in your project’s build configuration to enable pulling the SDK dependencies. The Maven repository username and password will be shared separately.// SS MPOC SDK maven { url "https://nexus.softspace.com.my/nexus/content/repositories/ssmpocsdk" credentials { username mvn_ssmpossdk_viewer_username password mvn_ssmpossdk_viewer_password } } // SS MPOS SDK maven { url "https://nexus.softspace.com.my/nexus/content/repositories/ssmpossdk" credentials { username mvn_ssmpossdk_viewer_username password mvn_ssmpossdk_viewer_password } }
- Make sure the minSdkVersionin your project's Gradle is 31 to 36.
- If your application’s minSdkVersionis below the SDKminSdkVersionrequirement and requires building with SDK libraries, you can set override using the below code inAndroidManifest.xml.AndroidManifest.xml<uses-sdk tools:overrideLibrary=" my.com.softspace.ssmpossdk, my.com.softspace.ssmpocsdk, my.com.softspace.SSMobileMPOSCore, my.com.softspace.SSMobileReaderEngine, my.com.softspace.SSMobileAndroidUtilEngine, my.com.softspace.SSMobileUIComponent, my.com.softspace.SSMobileThirdPartyEngine, androidx.security, com.visa"/>
- Set android:extractNativeLibinAndroidManifest.xmlto allow native libraries hash can be retrieve by SDK for verification.AndroidManifest.xml<application android:name=".SDKTesterApp" ...... android:extractNativeLibs="true">
- Make sure the sourceCompatibility and targetCompatibility under compileOptions are both targeting JavaVersion.VERSION_11.
- Include Fasstap MPOS SDK’s dependenciesimplementation 'my.com.softspace.ssmpossdk:ssmobile-mpos-sdk:4.0.0.0'
Init Flow
Upon completing Setup Flow, application project is now able to import and make use of Fasstap™ SDK API successfully. Figure below depicts the Fasstap™ SDK Initialization flow.
Application should start by setting up configuration object. Below is a sample snippet of codes that perform the configuration.
For more information about each configuration field, please take a look at SSMPOSSDKConfiguration.
                SSMPOSSDKConfiguration config = SSMPOSSDKConfiguration.Builder.create() 
    .setConfigurationToken("“xxxxx"”) 
    .setMPoCActivationToken("“xxxxx"”) 
    .setUniqueID("“xxxxx"”) 
    .setDeveloperID("“xxxxxxxxx"”) 
    .build(); 
SSMPOSSDK.init(context, config, new SSMPOSSDK.InitCallback() { 
    @Override 
      public void onInitSuccess(@Nullable SSMPOSSDK instance) { 
   } 
   @Override 
     public void onInitFailed(@Nullable Exception exception) { 
  } 
}); 
SSMPOSSDK.getInstance().startTransaction(context, trxParams, callback);
            Once the setup mentioned above are completed, application can then make call to init the Fasstap™ SDK, as below code.
                SSMPOSSDK.init(context, config, initCallback);
            After the initialization has carried out successfully, the application could then use
                SSMPOSSDK.getInstance();
            to obtain the SDK’s singleton representation to carry out any SDK’s action like attestation and transaction.
The SDK has handled most of the attestation properly, but there are some security measurements that needed to be implemented by the project instead. And below are the required handlings that needed to be added.
Making sure application is not multi-window supported. This can be done by adding code snippet below in your Android.manifest file.
                <application android:resizeableActivity="false">
    . . .
</application>
            Making sure the application is not running on a separate display (projection mode, for example). This can be done by adding the following code snippet as checking when transaction starts.
                DisplayManager dm = (DisplayManager) context.getSystemService(Context.DISPLAY_SERVICE);
Display[] allDisplays = dm.getDisplays();
for(Display display : allDisplays) {
    if ((display.getFlags() & Display.FLAG_PRESENTATION) == Display.FLAG_PRESENTATION) {
        return false;
    }    
}
return true;
            Codes above basically checking all the displays available in the system, aren’t running in presentation mode.
Application should also ensure that screen capturing function is disabled. This can be done by adding the following code
in your Activities’ onCreate method.
                getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE);
            Payment Flow
Upon initialization and attestation been carried out successfully, App may then request for payment action with Fasstap™ SDK. Figure below shows the payment flow using Fasstap™ SDK. The SDK will handle the NFC and card APDU challenging part, and the online request message shall be constructed by the SDK as well.
When the kernel has done processing the payment, it shall then require online authorization request (MPOS is currently supporting only Online Capability). The SDK will forward the request for Host Authorization. And the request message includes plenty of request tags and values. Data will be encrypted before forwarding to the Fasstap™ Server.
After capturing host response, SDK could verify the transaction status from host and then proceed with Fasstap™’s business logic.