3. Getting Started

You’ll need the following development tools to develop an application using Bayun SDK:

Java Development Kit (JDK) version 8.
Android SDK version 5.0 (Lollipop, API version 21) or later, depending on your app’s requirements.
Gradle 2.4 or later. You can download gradle from gradle.org.
IntelliJ version 14 or later or Android Studio.
An Android device running Android 5.0 (Lollipop) or later.

3.1 Getting the Bayun SDK

Downloaded the Bayun SDK from Github.

Demo applications can be found in BayunSDK/Android/TestApps. The demo applications use the Bayun.aar to showcase common usage.

3.2 Register as Developer

Developer account facilitates the registration of applications with Bayun.

3.3 Register a new Application

To create an application on Bayun Console, you need to provide your Application name. Click on the "Create New Application" after providing your application name. The app name that you provide should preferably be the same name as the one used for the app on Play Store. Click on the "Create New Application" after providing your application name.

We provide you with an Application Id, Application Salt, Application Secret and Base URL when your app is registered with Bayun.

The Application Id, Application Salt, Application Secret and Base URL will be needed along with the other information when you login with Bayun's Lockbox Management Server to use Bayun features.

These should be kept secure. You MUST register every new app with Bayun, and use a different Application Id and Application Secret for every app. Otherwise the data security of your apps will potentially be compromised, and the admin-panel functionality of different apps (used as a dashboard by enterprise admins for control and visibility) is also likely to get mixed-up.

An Application Id uniquely identifies your app with Bayun across all platforms.

The Application Secret can have different Roles. Role defines the privileges an app will have when using a particular secret. Following are the Application Secret roles:

ACCESS: Secret with this role is required by an application to connect to Bayun's Server for logging-in a user, and access user’s lockbox. The app needs to provide secret with this role to the Bayun SDK for being able to make any calls on behalf of the logged-in user. So it must be there for any app that users interact with (e.g. web app, or mobile app). It works only for an existing user registered on Bayun server, and does not allow creation of a new user or new company. It is recommended that it be used as the only role granted to secret of a client side app that does not require onboarding new users.

CREATION: Secret with this role is required by an application to create new users and new companies on Bayun's server. The application needs to provide secret with this role to the Bayun SDK for being able to make any call that requires creation of new users (e.g. while using autoCreateEmployee in loginEmployeeWithPassword call for a user trying to log-in for the first time, or explicitly on-boarding a new user via register call who may or may not be trying to log-in). Since an app with this role is allowed to create new user identities, the key-pairs (privateKey and publicKey) for new users are generated under control of such an app. It can be used on either the client-side or server side application built by the developer. If used on the client-side (e.g. in a mobile-app), it is strongly recommended that the same secret not have the AUTHORIZATION role as well, and authorization for the user being on-boarded is done separately (preferably on the server side). This is to ensure that a rogue app can’t create spurious users using a stolen secret.

AUTHORIZATION: Secret with this role is required by an application to authorize on-boarding of new users and new companies on Bayun's server. The application needs to provide a secret with this role to the Bayun SDK for being able to make any call that requires authorization of new users being created (e.g. while using autoCreateEmployee in loginEmployeeWithPassword call itself, or explicitly calling authorizeEmployee). Before authorizing a new user account for onboarding, the app must validate that the same user is first authenticated using its own mechanism, and indeed authorized to create an account on Bayun server. It is recommended that this be used on the server side application built by the developer. If used on the client-side (e.g. in a mobile-app) for testing/trial purposes, it is strongly recommended that this secret is kept secure inside the app, and not hard-coded in the app's code. Its best if it is fetched by the app from developer's server only after authenticating the user.

If the app does not need to create new users (e.g. operating with existing users only, while new users are created elsewhere), then the app-secret for that app only needs the ACCESS role. If the application needs to allow creation of new users as well, besides allowing existing users to login, the recommended best practice is to create one secret with roles ACCESS and CREATION for use by this app on the client side. And a separate server-side app should then authorize creation of new users using an app-secret with the role AUTHORIZATION. This way the user key-pair is created on the client side with the server itself never getting access to the private key of the user even temporarily, and yet the server gets to ensure that the new user is indeed authorized to be created by the app to prevent a rogue app with stolen app secret from creating fake users.

If you are a beginner, it is recommended that you create one Application Secret with all the 3 roles enabled for getting started quickly. You can use this single application secret for all operations while testing the app. But do refine it with multiple app-secrets appropriately, for better security, before deploying the app to production.

You can also edit the app Name in Bayun Console.

Previous2. Quick Start Guide for Beginners Next4. Integrate Bayun SDK

Last updated 5 months ago

Was this helpful?