PreFetch

Does pre-fetch increases the app load time?
  • No pre-fetch is an asynchronous call so it has no impact on app load time.
What is the latency?
  • Latency for prefetch is dependent on assets being updated but usually we use s3 asset files with hash comparison which keeps latency dependent on responses from aws.

Proguard Rules

What Proguard rules should be added in my proguard file?
Add the below line to your Proguard file: -keep class in.juspay.** {*;}

SDK Permissions

What are the SDK permissions required for Hyper SDK 2.0?
Hyper SDK (Android) requires some permissions for seamless function of some of its features (for enhancing payment conversion rates).

PERMISSION

REASON

READ_SMS,
RECIEVE_SMS,
SEND_SMS

The SMS related permissions are required for auto-read OTP functionality provided by Juspay Safe and Native OTP, in order to enhance conversion rates (upto +10% increases in conversion rates).

Without these permissions, the SDK will not be able to auto-read the bank OTP.

Note: Due to the changes in the Google Play Developer policy, going forward Juspay SAFE will be auto-reading OTP using the SMS Consent feature on Android in case a merchant doesn’t have SMS permission. However, this feature will be available for merchant applications using Android X support libraries. Please remove SMS permission as mentioned below incase you do not have SMS permission.

READ_PHONE_STATE

For UPI user onboarding and registration functionality, we use this to check if the phone has Dual SIM.

The READ_PHONE_STATE permission is used for both the above categories. We use it for analytics to get the DEVICE_ID and MAC_ADDRESS (such information will be hashed and logged for data security reasons) parameters of the phone for uniquely fingerprint the customers as that will help with analytics.

ACCESS_NETWORK_STATE

This allows the use of ConnectivityManager API. We use this API to detect whenever network change happens and to see when a user is connected to a data connection.

INTERNET

This permission is mandatory to do any API call (for analytics logging, transaction APIs, etc.)

How to selectively restrict Hyper SDK from using specific permissions, while continuing to use them in other parts of the application?
  • NOTE: This feature is available only on the latest version of Hyper SDK.
  • You can add a payload parameter named disallowedPermissions to the initiate call with an array of permissions you wish Hyper SDK to not use.

SMS Permissions

Why is SMS consent required for HyperSDK ?
How can I override the SMS permissions requested by Hyper SDK?
  • You may override the Hyper SDK permissions by adding below code snippet to your app’s manifest file.
  • uses-permission android:name="android.permission.RECEIVE_SMS" tools:node="remove"
  • uses-permission android:name="android.permission.READ_SMS" tools:node="remove"
Why cannot Hyper SDK use SMS retriever API to auto-read OTP?
  • The SMS Retriever API can be used if the OTP is being sent and read by the same entity.
  • In the case of Financial transactions, the SMS is triggered and read by different entities ( OTP is triggered by the bank, however read by Juspay SDK / merchant app) and hence retriever cannot be used.
How to apply on Google Play console to grant SMS permission for my application?
Please follow the below steps.
STEP 1STEP 1

STEP 1

Minimum SDK Fix

What is the minimum SDK API level required for HyperSDK 2.0?
  • Hyper SDK is compatible with Android version "19" or higher. Hence, your Android app must have a minimum SDK version 19 or higher.
How can I override the minimum SDK version?
  • If you want to support devices below API level 19, you must override minSDK version, by adding the below code snippet in your Android Manifest file.
  • <uses-sdk android:targetSdkVersion="<MerchantsVersion>" android:minSdkVersion="<MerchantsVersion>" tools:overrideLibrary="in.juspay">

CloudFront URLs

What are the CloudFront URLs?
  • Cloudfront URLs are the CDN resource management system and are used to download assets.
Why are the CloudFront URLs public?
  • URLs are public since these assets are common and contain non-sensitive information. Think of them similar to an image URL exposed to the internet.
Do you validate public data?
  • All config files are signed and the same is validated before consuming any file received from CloudFront URLs. Any change in the file structure will lead to a signature mismatch and subsequent rejection of the bundle (v1-config.zip).

Did this page help you?