Flutter Integration
Intro
The SDK can be integrated into a Flutter project.
How to start the SDK
- The most important thing is to start the SDK as soon as possible in your app flow. The reason for that is when your app will send an URL request to your server before the SDK was started, the request will not include the SDK’s HTTP headers. As a result, HUMAN’s Enforcer could block the request and the SDK will not be able to present a challenge to the user. The best place to start the SDK is in the:
Application
’sonCreate
function on Android.AppDelegate
’sdidFinishLaunchingWithOptions
function on iOS.
- You should start the SDK on the main thread.
- Create a
HumanManager
object that will handle calls from Flutter side. - On Android, register the
HumanManager
in theFlutterEngine
. - On iOS, setup the channel.
Here is an example of how it should be:
Android
Kotlin / MainApplication.kt:
Kotlin / HumanManager.kt:
Kotlin / MainActivity.kt:
iOS
Swift / HumanManager.swift:
Swift / AppDelegate.swift:
Let’s talk about what we have in the code here:
- We start the SDK as soon as possible and on the main thread.
- We create a
HSPolicy
instance. This object is used to configure the SDK’s behavior. Here, we set theHSAutomaticInterceptorPolicy/interceptorType
property toHSAutomaticInterceptorType/none
. This means that the Automatic Interception feature of the SDK is disabled. In short, this feature allows the SDK to manipulate URL requests and handle their responses by itself. However, this feature is not supported in Flutter. - We call the
HumanSecurity/start(appId:policy:)
function of the SDK. We provide the following parameters:- The
Application
instance (Android only). - Your AppID.
- The policy object that we configured.
- The
Note: If your app communicates with several servers that have different AppID, you can call the HumanSecurity/start(appIds:policy:)
function which allow you to pass an array of AppIDs. You should specify the relevant AppID for each API call in the SDK.
How to add HTTP headers and handle block response
In your Dart code, you should do the following:
- Crate a
MethodChannel
. - Add The SDK’s HTTP headers to your URL requests.
- When a request is blocked, send the block response to the SDK.
- Handle the challenge’s result.
Here is an example of how it should be:
Dart:
Understanding the block response
-
The HUMAN’s Enforcer, when it decides to block a request, returns a JSON string in the response’s body. The HTTP status code is 403. Here is an example of the response:
-
The JSON contains metadata for the SDK.
-
Your app should pass the whole JSON to the SDK via the
HSBotDefender/handleResponse(response:data:callback:)
function. Otherwise, the SDK won’t present a challenge to the user.