Skip to main content

Device SDK

Introduction

The Device SDK is designed to prevent cheating from non-BitBoy devices. When used in conjunction with backend device verification services, it can verify whether the source is a legitimate BitBoy device, thereby ensuring a trusted dApp running environment and maintaining the security of the ecosystem.

Main Features

  • Device SDK signs device information
  • Device Verify validates signatures

Main Steps

Process diagram for dAPP to verify that a device request is trusted

Step Description

  1. When a dApp needs to verify if the device is a genuine BitBoy device (such as preventing requests from virtual machines or maliciously forged requests from non-BitBoy terminals), call the integrated device SDK in the dApp to obtain device signature and other information;

  2. When sending requests, the dApp can include the device signature information obtained in step 1 and send it to the business backend server (maintained by developers);

  3. The business backend server constructs specific requests and calls the BitBoy Device Verification Service API to obtain verification results.

caution

These steps are only necessary when device identity verification is required (to avoid resource waste and occupation, the BitBoy Device Verification Service has call limitations and should not be called arbitrarily. It is recommended to use it only during necessary business processes).

Detailed Instructions

Usage Guide

  1. Apply and obtain app_key from the BitBoy Developer Application Management Console.
  2. Initialize SDK

Before using the SDK, you need to obtain an APP_KEY from the Developer Console. This is your application's unique identifier.

//sample code
BitboySDK sdk = new BitboySDK(context, "YOUR_APP_KEY");
  1. Generate Signature

When signature operation is needed, call the SDK's signing method:

// sample code
String signature = sdk.signMessage();

This method will return a signature string containing all necessary information.

Signatures cannot be reused. A new signature must be generated each time verification is required.

  1. Sending Signature to Verification Server

When sending requests to the BitBoy server, add the signature to the request header:

// sample code
HttpURLConnection connection = (HttpURLConnection) url.openConnection(); 
connection.setRequestProperty("message", signature); 
connection.setRequestProperty("sign", sdk.getSignature());
tip

Please refer to the code example of Device SDK integration using React Native as an example

Important Notes

  • Please keep your APP_KEY secure and do not expose it or hard-code it in your application.
  • The signature verification service has usage limits and doesn't need to be called every time. Avoid frequent calls - it's recommended to use it only when necessary or cache results for a certain period.
  • The signature result includes timestamp information to prevent replay attacks. Please ensure to use the generated signature promptly.

Error Handling

The SDK may throw the following exceptions:

/*
  * The meaning of the return value re is as follows:
  
  * 1: Success
  *
  * [Other non-1 values indicate errors]
  * >=0 indicates check errors
  *
  * <0 indicates SDK internal errors, among which
  * -1: Memory allocation failure
  * -6: Check result cannot be recognized
*/

Signature Verification

When developers need to verify whether a request from a device is from a genuine BitBoy device during business logic processing, they can extract the signature from the business request and then request the verification service to obtain the verification result. An example is as follows:

curl --location --request POST 'https://api.bitboy.games/bitboy_l2_auth/verify' \
--header 'signature:
3045022100f23d2c72657107505a62e3902e4dbc7705c20683b1ece4caafea4b33d5bb6c4
a022007c8490c3888315b4658cadbc3a723cc8fd2bc6f56735daf08fce32f34f3f9f7' \
--header 'body: cP6GxQTA-mklYULSQ-1729197492-ca9b3d9dccd90900f4fec5f506fef7be'
\
--data ‘’

success response

{
"code": 1,
"status": "success"
}

error response

codeerror info
20Parameter error
2001App Key does not exist
2002Device ID does not exist
21Permission denied
2101Public key not bound
2102Signature verification failed
2103Signature comparison failed
2104Authentication time error

Support

If you encounter any issues while using the SDK, please contact the BitBoy Developer Support Team.