SDK Layer Overview
The SDK Layer sits between the Driver Layer and the UI Layer. It exposes two managers — HaapiManager for flow stepping and OAuthTokenManager for OAuth token lifecycle — wrapped together by HaapiAccessor. The SDK wires up attestation, Dynamic Client Registration fallback, DPoP, and error categorization behind those APIs. Build your own UI on top, and let the SDK handle the protocol mechanics.
Most apps that need a custom UI start here. React Native’s only user-facing surface is the SDK Layer — the UI Layer does not ship a React Native flavor.
When to Choose This Layer
- You need full control over the visual presentation of the authentication flow.
- You want structured `start → submit → followLink` stepping with typed step models (`InteractiveFormStep`, `PollingStep`, and others).
- You want the SDK to manage attestation, DCR fallback, DPoP, and token refresh transparently.
- You are integrating from React Native (the SDK Layer is the entry point for RN).
If the prebuilt screens fit your product, move up to the UI Layer. If you need full transport control, drop down to the Driver Layer.
What the SDK Handles For You
- Attestation and DCR fallback selection. `HaapiAccessor` picks the right path automatically based on device capabilities and configuration.
- DPoP token binding and nonce rotation. Handled internally by the underlying `HaapiTokenManager` — nonces are framework-managed.
- Flow stepping. Each HAAPI response is mapped to a typed step model the application can render.
- Error categorization. Retryable, unrecoverable, and OAuth-protocol errors are surfaced as distinct types.
What you provide: the UI that renders each step, and the navigation between steps based on user input.
Topic Pages
Configuration knobs, primitives, and operational concerns are documented on shared topic pages with iOS and Android code shown side-by-side in `<Tabs>` (React Native lands on these pages when the bridge ships):
- Creating a HaapiAccessor — `HaapiAccessorBuilder` / `HaapiAccessorFactory` and the three access patterns
- HAAPI Flow — `start → submit → followLink` stepping pattern and typed step models
- OAuthTokenManager — fetch, refresh, revoke
- Token Endpoint Response Listener — capture raw HTTP headers; avoid double-handling
- Token Binding — DPoP-bound authorization codes and refresh tokens
- DCR — `DCRConfiguration` / `DcrConfiguration` for non-attestation devices
- Risk Assessment — device-context collection for BankID and similar
- Client Authentication — wiring Secret, MTLS, Signed JWT
- Error Handling — retryable, unrecoverable, and OAuth-protocol categories
- Logging — `HaapiLogger` with Driver + SDK tags
Platform Landing Pages
Each platform’s slim landing page carries the install snippet, a pointer to the auto-generated API reference, and a list of the topic pages above:
| Platform | SDK Layer available? | Landing page |
|---|---|---|
| iOS | ✅ | iOS SDK |
| Android | ✅ | Android SDK |
| React Native | ✅ | React Native SDK |
Related concepts: Attestation and Fallback · Error Handling · DPoP and Nonces