This document provides informations of how to use the Subaio Fintech Bridge in your projects. There exists 3 Fintech Bridge libraries;
The libraries provides user interfaces, API integrations and other functionality related to Subaio. The purpose of the libraries is to reduce the implementation and maintenance cost the host applications, while enabling the Subaio application to evolve parallel with the host application. While there are slight differences between them because of differences in syntax and convention, the general structure is the same.
The fintech bridge is intended for embedding small, widget-like applications inside a larger app. The application is structured in the following parts:
SubaioManager: A singleton-class for global configuration of all subaio-views, authentication mangagement, as well as communication between views.SubaioView: A wrapper around a single embedded application.Including embedded applications thus requires including the bridge library, configuring the SubaioManager and instantiating a SubaioView.
Each bridge project includes an example project demonstrating how to use the manager and the views.
To better facilitate native transitions between pages, the subaio app is separated in pages that can be placed in separate view-controllers and pushed separately to the nagivation stack.
Each instance of an embedded view can be set to show a specific Page, defined by a name and optionally a set of parameters, e.g. new Page("OVERVIEW", null) or new Page("SUBSCRIPTION", new JSONObject(new HashMap() {{ put("subscriptionId", "..."); }})). The exact pages will depend on the application. For simple integrations where the views are simply started as new activities, the host application only need knowledge of the initial overview page, available as Page.overview() for convenience.
Views will push new pages using the onViewNavigated event.
Notifications for the embedded app should generally be implemented to pass name and params provided by subaio on to the host application to easily handle navigation. See the Push Notifications section for details.
The subaio views use JSON web tokens for authentication. All views use a shared token, administred by the SubaioManager. The tokens generally expire after one hour, so the SubaioManager has internal logic to automatically refresh the token when necessary.
The preferred method of obtaining a subaio token is to let the host application make an authenticated request to its own backend, which will then request a token from the subaio backend.
The host application is responsible for providing a callback for obtaining a token to the SubaioManager. This callback must handle three cases:
SubaioManager.getInstance().setToken should be invoked with the new token. This is distributed to the views and used for future requests.SubaioManager will try to request a new token later (likely after 1 minute).SubaioManager.getInstance().setToken should be invoked with null. Any active views are cleared of all data. The SubaioManager will stop requesting new tokens.Besides providing the callback, the host application should either invoke SubaioManager.getInstance().refreshToken or set token to null directly when the current user is unauthenticated.
See SubaioManager.TokenHandler.onTokenRequired.
SubaioManager
The following options needs to be provided to the SubaioManger before any views can be instantiated:
baseUrl: The URL where the embedded app is hosted.allowExternalUrls: (default false) Allow the embedded app to open arbitrary URLs on the phone. This is primarily used to help navigate the user to iTunes/Google Play subscription pages. This needs to be enabled for the embedded app to be fully functional.allowShare: (default false) Allow the embedded app to request a share dialog to share a message. This is primarily used to help the user help others to find their iTunes subscription page. This needs to be enabled for the app to be fully functional.language: (default null) A BCP-47 language tag. The language can be changed on the fly. If a language is not provided, views will stay in loading-state until one is provided.onTokenRequired: Callback to request a new token. See Authentication section and platform-specific documentation for details. The callback will be called whenever the SubaioManager needs new token information (including if the user is logged out). See SubaioManager.TokenHandler.onTokenRequired and the Authentication section.SSL pinning config: Bind SSL to select domains with predefined certificate hashes. This is only available on iOS and Android, with very different configurations. See SSL Pinning section.Example initialization (see app/src/main/java/com/subaio/example/LoadingActivity.java):
SubaioManager.getInstance().setLanguage("en");
SubaioManager.getInstance().setConfigurationHandler(new SubaioManager.ConfigurationHandler() {
@Override
public void onCompletion(SubaioManager.ConfigurationResult result) {
// Activity with SubaioView can now be started
}
});
final SubaioConfiguration config = new SubaioConfiguration("https://sales-widget.demo.subaio.com", false, false, false);
SubaioManager.getInstance().configure(config, new SubaioManager.TokenHandler() {
@Override
public void onTokenRequired(@NonNull String language) {
// Fetch a new token
}
});SubaioView
The SubaioView is a UIView that can be inserted in a controller. An example of a controller wrapping a navigation bar and a SubaioView can be found in app/src/main/java/com/subaio/example/SubaioActivity.java.
SubaioView can be added to an activity like a normal Layout. Setup requires setting a Page and a SubaioView.SubaioViewListener implementing event handlers like so:
subaioView.setPage(page)
subaioView.setListener(new SubaioView.SubaioViewListener() {
...
}The listener needs to handle the following events:
onViewNavigated: Handles navigation to a new Page. Should likely push a new controller to the navigtion stack.onViewDidSelectBack: Handles navigation back. Should likely be handled by popping the current view-controller from the stack.onViewChangedStatus: Called whenever the view changes status. It can be safely ignored. Can be used to implement a custom loading-screen by hiding the loading-screen and showing the view on a change to RUNNING or ERRORED, or to implement a custom error-screen by hiding the view and showing an error page on a change to ERRORED.onViewUpdatedTitle: Called whenever the view changes title. If a host application controlled navigation bar is used, this text should be shown there. Otherwise it can be safely ignored.onViewDidShare: Called when the view attempts to open a share dialog.onViewDidOpenUrl: Called when the view attempts to open an external URL.onViewDidReceiveError: Called whenever the view receives an error.
NO_TEMPLATE: Should be handled by showing an error page. Occurs when the SubaioManager has failed to download its initial payload.VIEW_TIMED_OUT: Should be handled by showing an error page. Occurs if the view fails to initialize after 30 seconds. Likely caused by a lack of network without a valid cache of the embedded app.INTERNAL_ERROR: Does not need to be handled as the SubaioView will show its own error page.The delegate may be implemented directly on the controller, as shown in the example.
Subaio is able to generate several different notifications, e.g.
These notifications are sent from Subaio to the backend of the host project, which in turn decides how/if the notification is presented to the user.
The push notification contains information identifying the user, a user facing message, and a payload with details regarding which component should be shown if the notification is activated.
To reduce the amount of maintenance required by the host project, the library provides a method that can be parsed the notification payload which then is turned into a navigation event to reuse the logic implemented there.
Configuration of SSL pinning is done through network_security_config.xml as a domain-config with pin-set. See app/src/main/res/xml/network_security_config.xml for example. Generally, subaio domains will be called <name>.<env>.subaio.com, with *.<env>.subaio.com sharing a single certificate.
Testing for external partners will generally be kept on *.qa.subaio.com and production will be run on *.prod.subaio.com. Note that some production services, e.g. error logging is still accessed by apps on *.qa.subaio.com, so *.prod.subaio.com should always be allowed.
| Interface | Description |
|---|---|
| SubaioManager.ConfigurationHandler |
Handle the async result of configuration.
|
| SubaioManager.TokenHandler |
Callback invoked when token needs to be refreshed.
|
| SubaioView.SubaioViewListener |
Event handlers for `SubaioView`
|
| Class | Description |
|---|---|
| Event |
Internal
|
| JWTPayload |
Internal
|
| Page |
Represents a specific page for a subaio-view with optional params.
|
| SubaioConfiguration |
Configuration passed to `SubaioManager.getInstance().configure`.
|
| SubaioManager |
Singleton-class for managing global setup of subaio-views.
|
| SubaioView |
A view for showing subaio-content.
|
| Token |
Internal
|
| Enum | Description |
|---|---|
| SubaioManager.ConfigurationResult |
Indicated if configuration was successful
|
| SubaioViewError |
An error either in the initialization or the execution of a `SubaioView`.
|
| ViewStatus |
Current status of a `SubaioView`.
|