You can integrate the SDK into an Expo project. This article explains how to integrate and implement the HUMAN Expo SDK wrapper into an Expo app.
To integrate the HUMAN SDK into your Expo app, follow these steps:
The config plugin is available starting from version 1.0.8 and later. If you are using an earlier version (1.0.2 – 1.0.6), skip this step and continue to Step 3.
Add the plugin to your Expo config (app.json or app.config.js) so the Android dependency repository is automatically configured:
Without this step, Android builds will fail to resolve the HUMAN SDK dependency.
Generate the native project files:
If your project does not use expo prebuild, you must manually add the HUMAN Maven repository so Android can resolve the SDK dependencies.
Add the following line everywhere you define repositories (for example, in settings.gradle, build.gradle, or module-level Gradle files):
The config plugin automatically adds this repository during npx expo prebuild. In custom or bare workflows, this must be added manually to ensure proper Android dependency resolution.
The HUMAN Security Expo Mobile API offers the following functions:
The most important step is to start the SDK as early as possible in your app flow. If your app sends a URL request to your server before the SDK starts, the attached headers won’t include the latest updated tokens. As a result, HUMAN’s Enforcer could block the request, and the SDK won’t be able to present a challenge to the user. Also, be sure to start the SDK only once.
To set it up, call startWithAppId in your Expo main entry point (index.tsx) or at the starting point of your app, where you register and initialize one-time services. It’s better to start the SDK outside of any UI component to avoid lifecycle issues.
Don’t forget to change the <APP_ID> to your own appID.
Currently, the HSPolicy class includes two settings:
For example:
Here’s what the code includes:
startWithAppId function of the SDK is called with the following parameters::
HSPolicy instance configures the SDK’s behavior. This object defines settings such as hybridAppPolicy.webRootDomains, indicating that the app uses WebViews containing pages from a domain also protected by HUMAN Security, which is considered hybrid mode. Additionally, detectionPolicy is configured to send touch and motion data. If these parameters aren’t needed, you can simply omit the policy.If your app communicates with multiple servers that use different appIDs, you can call HumanSecurity/startWithAppIds(appIds: string[], policy?: HSPolicy): Promise<void>. This lets you to pass an array of appIDs. In this case, you must specify the relevant appID for each API call to the SDK. If you have only one appID, providing it in most functions is optional.
axios, you might need to call JSON.stringify(error.response?.data) before passing the response body to the SDK. Additionally, in Axios, the catch block handles blocked responses because it indicates a failed request.The following are examples using either a fetch API or using axios.
Here’s what the code includes:
canHandleResponse. If canHandleResponse returns true, handleResponse is called to present the challenge to the user.HSBotDefenderChallengeResult can be one of the following:
handleResponse function.Note that you can await handleResponse, but in this case, you would be waiting until the user solves the challenge. You can also continue your flow and handle the result in the .then block, as shown in the example.
response in a string format, along with the status code and URL, to the SDK via the following. Otherwise, the SDK won’t present a challenge to the user.You can set custom parameters to configure HUMAN’s backend with additional values. To do so:
startWithAppId, call setCustomParameters.For example:
Bot Defender provides several delegates, or callbacks, to notify about events related to headers and challenges. These callbacks are mainly intended for analytics and statistics rather than for taking specific actions. In the Expo library, these callbacks work as events.
To listen to a specific event, you must add a listener for it. When the event triggers, you can log or handle the result accordingly. Be sure to remove the listener when leaving the context to avoid memory leaks.
Below is an example implementation for listening to all events and also how to handle a single specific event.
If you only want to listen to a single specific event, you can do the following:
In order to enable Account Defender, you should set the UserID of your current logged-in user in the SDK. When the user logs out, make sure to call the function with null to clear the user ID. For example:
In order to allow Account Defender to protect the user’s account, your app must provide the SDK with outgoing URL requests. This should be done after you set the user id.
Here’s what the code includes:
Call the HumanSecurity.AD.registerOutgoingUrlRequest(url: string, appId?: string): void function before sending the URL request. If you’re using a custom HttpClient service, add this function to the request interceptor.
You can set additional data to configure HUMAN’s backend with extra parameters.
To do so, call HumanSecurity.AD.setAdditionalData(parameters: { [key: string]: string }, appId?: string): void after calling HumanSecurity.startWithAppId(appId: string, policy?: HSPolicy): Promise<void>.
For example:
You can simulate a challenge to test the integration. To do so, follow the steps in our help article.