Prerequisites
Trust1Connector API DNS
The Trust1Connector API v3 exposes a secure REST API on the client device. Trust1Team has created a t1c.t1t.io
DNS entry (or customer-specific DNS entry) that points to 127.0.0.1
in order to facilitate SSL communication. This means that if the customer infrastructure uses a proxy for all network traffic, an exemption must be made for t1c.t1t.io
to always point to the origin device's loopback address.
If no exemption is made and https://t1c.t1t.io
is handled by a proxy, it will redirect to 127.0.0.1
IP of the proxy server instead of the local machine, and the Trust1Connector API will be unreachable.
The reserved domain from Trust1Team has been registered with DNSSEC on the aforementioned URI. When a PARTNER uses its own DNS, we strongly recommend applying DNSSEC on the domain used in production.
Distribution Service
In order to correctly function, the Trust1Connector API must be able to connect to its configured Distribution Service. You must allow REST traffic to the following URLs (if applicable):
Acceptance:
https://acc-ds.t1t.io
Production:
https://ds.t1t.io
A partner can opt for its own Distribution server, whereas the URIs mentioned above, will be defined by the hosting party.
Disk Space
The T1C-Proxy (necessary for shared environments only) requires ± 250Mb of space. The T1C-API is installed in user space and also requires ± 250Mb of space for every user.
The T1C-Sandbox is installed in user space and ± 10Mb of space for every user.
For the Trust1Connector v3 versions, more specifically from v3.5.0, the following metrics apply:
T1C-Proxy will be included in the T1C-API and will use ± 10Mb of disk space for every user, except for shared environments, where the T1C-API will serve multiple users, and where worker threads can be defined. Depending on the number of worker threads (configured based on the maximum number of users allowed on the same host), the memory consumption will have a linear growth.
T1C-Sandbox is installed in user space and ± 10Mb of space for every user.
API Key
All endpoints of the Trust1Connector API are secured and require a JWT to access. To obtain a token, an API key must be exchanged.
This API key must be requested from TRUST1TEAM, or created by the customer if they are hosting their own Distribution Service. The API key must never be used in a front-end application (where the API key can be compromised). The API key is needed to exchange the token, using a Distribution Server, resulting in a short-lived Json Web Token.
A PARTNER can decide to distribute a version without the use of a JWT. In those cases, the liability of the security flow resides completely in the context of the web application, thus Trust1Team can not guarantee the security context where the Trust1Connector is integrated upon.
Operating System
Right now Trust1Connector support two operating systems;
MacOS 10.9 or higher
X86 architecture
M1/ARM architecture
Windows 8.1 or higher
Trust1Team support Windows/Mac OSX OS families where lifecycle support is guaranteed from the Vendor of the Operating System. The moment the OS version has been marked as ‘end of life’, Trust1Team can not guarantee the functionality anymore.
When PARTNERS are in need to support an older version or keeping the support running on the level of Trust1Team, no guarantees can be made. Trust1Team can setup a custom project, on demand of the PARTNER. Those requirements, changes or other adaptations needed, are not covered in the Trust1Connector license fee.
Windows 8.1 or higher
To run in user-space on Windows 8.1 or higher some components have to be set on the operating system
Registry keys
Below you can find a list of all registry keys that will be created for the working of the Trust1Connector, All these keys are added to HKCU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Trust1Team\Trust1Connector
Cookies
When running in a shared environment a cookie is used to store the user's consent, the following cookie will be used: