Verisoul provides a native iOS SDK that allows you to implement fraud prevention in your iOS applications. This guide covers the installation, configuration, and usage of the Verisoul iOS SDK.

System Requirements

  • iOS Version: iOS 15.0 or higher
    • Apple significantly improved security measures in iOS 15, including App Attest and Device Check
    • 99% of iOS devices run iOS 15 or higher
    • We highly recommend using iOS 15 or higher for optimal security features
  • Xcode: Version 15.0 or higher

Installation

You can install VerisoulSDK in your iOS project using either CocoaPods or Swift Package Manager.

CocoaPods

To integrate VerisoulSDK with CocoaPods:
  1. Ensure CocoaPods is installed on your machine. If not, run: 
    sudo gem install cocoapods
  2. Add VerisoulSDK to your Podfile: 
    pod 'VerisoulSDK', '~> 0.3.0'
  3. Run the following command to install the SDK: 
    pod install
  4. Open the .xcworkspace file in Xcode and start using the SDK.

Swift Package Manager (SPM)

To integrate VerisoulSDK using Swift Package Manager:
  1. Open your project in Xcode.
  2. Go to File > Add Packages.
  3. Enter the repository URL for VerisoulSDK: 
    https://github.com/verisoul/ios-sdk.git
  4. Choose the version you wish to use and add the package.
The SDK will automatically integrate into your project.

Capabilities

To fully utilize VerisoulSDK, you must add the App Attest capability to your project. This capability allows the SDK to perform necessary checks and validations to ensure the integrity and security of your application. Update your app’s entitlements file: 
<key>com.apple.developer.devicecheck.appattest-environment</key>
<string>production/development (depending on your needs)</string>

Device Check and App Attest Integration

The SDK collects device and network risk data and wraps Apple’s Device Check and App Attest APIs to improve security. These features are optional — you can choose to enable or disable them as needed however they are highly recommended to improve security. To enable these features, you must provide the following information in the developer section of the Verisoul dashboard in the Developers Section:
  • Apple Team ID: Your Apple Developer Team identifier.
  • Bundle Identifier: The bundle ID of your app.
  • Device Check Private Key: Create a private key (a .p8 file) and provide its associated Key ID.

Usage

1. Initialization

configure(env:projectId:) Configure the SDK by passing it the environment, project ID, and bundle identifier. This function initializes the networking, device check, and device attestation components. Parameters:
  • env (VerisoulEnvironment): The environment to configure the SDK with (e.g., dev, staging, prod).
  • projectId (String): Your project’s unique identifier.
Verisoul.shared.configure(env: .prod, projectId: "your-project-id")
Note: The configure(env:projectId:) method should be called once, typically during the app’s initialization process (e.g., in the AppDelegate or SceneDelegate).

2. Get Session ID

session() async throws -> String Once the minimum amount of data is gathered the session ID becomes available. The session ID is needed in order to request a risk assessment from Verisoul’s API. Note that session IDs are short lived and will expire after 24 hours. The application can obtain session ID by providing the callback as shown below: 
do {
    let sessionId = try await Verisoul.shared.session()
    print("Session ID: \(sessionId)")
} catch {
    print("Failed to retrieve session ID: \(error)")
}

Update the privacy manifest file

See [https://support.verisoul.ai/articles/7617665341-verisoul-ios-sdk-app-store-privacy-manifest-instructions] for instructions on how to answer the app privacy questions when submitting to the app store. 
<plist version="1.0">
<dict>
    <!-- Privacy manifest file for Verisoul Fraud Prevention SDK for iOS -->
    <key>NSPrivacyTracking</key>
    <false/>

    <!-- Privacy manifest file for Verisoul Fraud Prevention SDK for iOS -->
    <key>NSPrivacyTrackingDomains</key>
    <array/>

    <!-- Privacy manifest file for Verisoul Fraud Prevention SDK for iOS -->
    <key>NSPrivacyCollectedDataTypes</key>
    <array>
      <dict>
        <!-- The value provided by Apple for 'Device ID' data type -->
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeDeviceID</string>

        <!-- Verisoul Fraud Prevention SDK does not link the 'Device ID' with user's identity -->
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>

        <!-- Verisoul Fraud Prevention SDK does not use 'Device ID' for tracking -->
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>

        <!-- Verisoul Fraud Prevention SDK uses 'Device ID' for App Functionality
             (prevent fraud and implement security measures) -->
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
    </array>

    <!-- Privacy manifest file for Verisoul Fraud Prevention SDK for iOS -->
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <dict>
        <!-- The value provided by Apple for 'System boot time APIs' -->
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
        
        <!-- Verisoul Fraud Prevention SDK uses 'System boot time APIs' to measure the amount of
             time that has elapsed between events that occurred within the SDK -->
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>35F9.1</string>
        </array>
      </dict>
    </array>
</dict>
</plist>

Next Steps