Quixxi App Attestation
A Flutter plugin that provides real-time application integrity verification using the Quixxi App Attestation service.
Prerequisites
Before integrating the plugin, you must:
- Register at Quixxi Security: Log in to the Quixxi Security Portal.
- Configure Your Application: Add your app to the portal to get your unique credentials.
- Obtain Credentials: You will need the following values from the portal:
privateKey: Your unique private key for signing attestation requests.appGuid: The unique identifier for your application.baseUrl: The base URL of your app server.
Note: To ensure successful attestation across both platforms, you must use the same application identifier for Android (
applicationIdinbuild.gradle) and iOS (CFBundleIdentifierinInfo.plist). The Quixxi Security Portal requires a single, consistent identifier for each app.
Installation
Add this to your package's pubspec.yaml file:
dependencies:
quixxi_app_attestation: ^0.0.1-beta.4
Then, run flutter pub get to install the plugin.
Usage
It is crucial to invoke the attestation check as early as possible in your application’s lifecycle. The ideal place is in your main() function, before runApp().
Example
Here's how to initialize and run the attestation check:
import 'package:flutter/material.dart';
import 'package:quixxi_app_attestation/quixxi_app_attestation.dart';
void main() async {
// Ensure the Flutter binding is initialized.
WidgetsFlutterBinding.ensureInitialized();
// Run the app attestation check.
final isAttestationSuccessful = await QuixxiAppAttestation.init(
privateKey: 'YOUR_PRIVATE_KEY', // Replace with your key from the Quixxi portal
baseUrl: 'YOUR_BASE_URL', // Replace with your Base URL
appGuid: 'YOUR_APP_GUID', // Replace with your GUID from the Quixxi portal
);
if (isAttestationSuccessful) {
// If attestation is successful, run the app normally.
runApp(const MyApp());
} else {
// If attestation fails, you can take protective actions, such as:
// 1. Showing an error screen.
// 2. Disabling critical features.
// 3. Exiting the application.
runApp(const AttestationFailedScreen());
}
}
class MyApp extends StatelessWidget {
const MyApp({super.key});
@override
Widget build(BuildContext context) {
return const MaterialApp(
home: Scaffold(
body: Center(child: Text('App Attestation Successful!')),
),
);
}
}
class AttestationFailedScreen extends StatelessWidget {
const AttestationFailedScreen({super.key});
@override
Widget build(BuildContext context) {
return const MaterialApp(
home: Scaffold(
body: Center(
child: Text('Application integrity could not be verified. Please download the official app from the app store.'),
),
),
);
}
}
Parameters for init()
| Parameter | Type | Description |
|---|---|---|
privateKey |
String | Your unique private key, used to sign the attestation request. |
baseUrl |
String | The base URL of your app server. |
appGuid |
String | The unique identifier for your application, assigned in the Quixxi portal. |
Support
- Dashboard & Configuration: Quixxi Security Portal
- Technical Support: [email protected]