The aim of this tutorial is to lay out the steps for integrating TypingDNA authentication for mobile applications.
User identity verification using TypingDNA Authentication API can be integrated on mobile devices as part of native apps or mobile browser web apps.
We call the user typing behavior a typing pattern. The terminology is used regardless of the platform on which the integration is implemented. See more info regarding typing patterns here.
By default, a typing pattern consists of keystroke data (i.e., timings based on keydown and keyup events). But, on mobile devices, typing patterns can also contain motion data (e.g., acceleration and orientation) as we will see below. For more information, check out our typing pattern viewer tool here.
Typing patterns that also contain motion data are considered more robust. This is because they capture the typing behavior of the user more comprehensively.
Mobile typing patterns are different from desktop typing patterns. This means that a user has to be enrolled from a mobile device (hence with a mobile typing pattern) to be able to further authenticate themselves on mobile devices.
Moreover, mobile typing patterns differ based on the position of the typing (check mobile positions documentation here). This is very important because a user can be validated only on a typing pattern position that was used during enrollment. To exemplify, some mobile typing positions are: typing while holding the phone in your hand in portrait orientation (used most often), typing while holding the phone on a surface (i.e., a desk) in portrait orientation, and typing in landscape orientation.
Here are some considerations to keep in mind before deciding to implement TypingDNA authentication inside a native app and a mobile browser web app:
Since the goal is authenticating mobile users based on their typing patterns, there are two main steps that need to be accomplished:
The second step consists of making API calls to our API Authentication Service. To do that, you need to have a TypingDNA account that comes with the authentication keys needed to make the API calls (sign up here).
We recommend creating proprietary calls from your mobile app to some back-end service on your side, which, in turn, makes the calls to TypingDNA’s Authentication API. It is a good practice to keep the API connection keys in a safe place (on your back-end).
You can have a web app that integrates with the TypingDNA JS Recorder and will also work for mobile browsers. However, to be able to implement the specific mobile workflow, you can make use of TypingDNA.isMobile() recorder method to check if the current running environment is mobile or not.
The authentication workflow is the same as the one for the web with the following difference(s):