@objcMembers public final class HaapiTokenManager: NSObject

HaapiTokenManager instances manage HAAPI tokens and facilitate interacting with the HAAPI service. If needed, the HaapiTokenManager performs the attestation flow, by using the Device Check services on the iOS device.

The HaapiTokenManager is created by using the Builder, like

   haapiTokenManager = HaapiTokenManager.Builder(
       tokenEndpoint: ""
       clientId: "my-oauth-client-id"

The HaapiTokenManager internally relies on an URLSession instance with default configuration to perform HTTP requests. However, it is possible to provide an initialized URLSession-instance to the Builder upon instantiation, which ensures custom connection-related configuration can be supported.

Once an instance of the HaapiTokenManager is created, it can be used to obtain a HAAPI token. Once a HAAPI token is obtained, the HaapiTokenManager can provide a client through the createClient() method. This client can be instructed to use a provided URLSession to make its requests, or use an internal URLSession instead.

For example, create a default HaapiClient using the HaapiTokenManager is done like

let haapiClient = haapiTokenManager.createClient()

Alternatively, creating it with a custom URLSession is done like

let haapiClient = haapiTokenManager.createClient(
    urlSession: URLSession(
        configuration: URLSessionConfiguration.default,
        delegate: urlSessionDelegate,
        delegateQueue: nil

Once a HaapiTokenManager is created, the HaapiClient that it can provide can be used to perform operations according to the HAAPI specifications. An example request made using the HaapiClient looks like

var authorizationRequest = URLRequest(url: FlowTests.authorizationUrl)
authorizationRequest.httpMethod = "GET"

haapiClient.performDataTask(for: authorizationRequest) { result in
    switch result {
    case .success(let responseAndData):
        let response = responseAndData.response
        let data =
    case .failure(let error):

The above example attempts to make a GET request to the authorization endpoint and provides a completing function for further processing of the results.