Skip to main content

API key rotation

The API keys that are used for SDK initialization may be rotated for security reasons. Please use the Incode dashboard to revoke keys and generate new ones.

Once an API key is revoked from the dashboard, all currently ongoing onboarding sessions that were using that API key will be aborted and the onError(Throwable) method on the IncodeWelcome.OnboardingListener() will get called.

This is the place where you should handle replacing the API key.

public void onError(Throwable error) {
if (error instanceof ApiKeyRotationException) {
// Your logic for the rotation of the key

When a new API key has been obtained, the SDK should be reinitialized using IncodeWelcome.Builder(Application, String, String):

new IncodeWelcome.Builder(getApplication(), apiUrl, apiKeyRotatedIn)
... // optional configuration

// SDK has been reinitialized successfully

Once the SDK has been reinitialized successfully, the old session can be restarted, or you can start a completely new onboarding session.