T1C), during it's first startup, the application will generate a key pair and certificate. The public key of the device installation must be registered with the
DSas a first step in order to facilitate signed and encrypted communication to between an device installation and the
DS. For this purpose, the
T1Cinstaller is packaged with an API key (which is generated when creating a new version through the
DS API, see
Create Or Update Versionunder management) with which it can obtain an access token to register its certificate with the
DS. When the certificate is registered, the
DSissues a unique identifier for the device installation. Upon reception of its identifier, the
T1Cdevice installation will store its key pair and certificate in a keystore keyed to that identifier and discard the installation API key. All subsequent communication between the
T1Cdevice installation and the
DSis done through JWE, tokens signed with the device installation private key and encrypted with the
DSpublic key (or vice versa for the response from the
T1Cwill contact the
DSand request information about the latest available version. This results in the following behaviour
DShas the property
true, an OS dialog will be shown informing the user that a new version is available, with a download link appropriate for the device OS
DShas the property
true, an OS dialog will be shown informing the user that his current installation can no longer be used and request that they download the new version through the provided link. The
T1Capplication will then shut down, in order to force the user to upgrade if they wish to continue using
mandatorybut the device installation is not the latest version, the device installation will then request information on its current version. If the response from the
DShas the version's
allowedproperty marked as
false, the device installation will display a message with a download link and shut down in a similar manner as when the latest version's
mandatoryproperty is marked as
DSwill provide an endpoint to download a OS-appropriate installer, which will be determined by parsing the
User-Agent-header value when sent by the
T1T-SDK-JSclient (or an implementation of your own) using a browser. This is a best effort functionality, i.e. Trust1Team can't categorically guarantee a correct response due the fact that browsers'
User-Agentvalues do not always accurately describe the client device. As an alternative, the
DSalso provides an endpoint where you can download the OS-appropriate version of your choice.
DSis also responsible for serving installer packages to the end users. When creating a new version (see
Create Or Update Version), URI's can be defined for OS-specific installers (either as a filesystem URI or an URL). The
DSthen streams the file contents over the gateway to the client device.
DS, various settings and configurations can be managed. Whether it is to update the CORS allowlist through the
Context Configor updating the device installations'
SSL Keystore Config, for this information to reach the
T1Cdevice installations an exchange must take place.
T1Cdevice installation sends a digest of its
SSL Keystore Configto the
DS. If it doesn't match the digest on record in the
DS(e.g. because the CORS allowlist has been changed or there is an update available for the SSL keystore), it sends the correct values back to the
T1Cdevice installation which then overwrites its current values with the new ones.
T1Cdevice installation also sends an update to the
DSof its own state containing the following information:
T1Cdevice installation. This is obtained from the application JWT received in the request (see
Create or Update Label)
T1Cdevice installation. This is obtained from the
User-Agentheader received in the request
T1Cdevice installation. If it fails to synchronize a configurable amount of times in a row, it will shut down until it is able to synchronize with the
DSreceives use case counters from
T1Cdevice installations during the synchronization process. The counters are stored in 2 ways:
DSprovides an endpoint that can queried to receive information on the platform. Currently it returns the following information:
DSin order to obtain access to the
T1Cdevice installations' endpoints. You can retrieve, create, update or delete labels
T1Cdevice installation packages, and various configurations. You can retrieve, create, update or delete versions, and manage the associated configurations.
DSwill generate an expirable access token for a label or a version, either for a consuming
T1Capplication consumer or device installation registration respectively, if presented with an API key registered to the label or version.
DSwill contain a frontend application with an analytics and demographics dashboard for logged in users, displaying device information breakdowns (OS, browser, ...), transactions overview, etcetera.