Objective 

This is crisp integration documentation to plug Radware Bot Manager iOS SDK directly into your iOS application to protect your API servers from the malicious bots originating from Mobile App. 

Prerequisite & Compatibility 

  1. Ensure you have created an account in Radware Bot Manager portal before getting started

  2. Ensure you have already integrated Radware Bot Manager at your Web server or application server

  3. Operating System supported: iOS 8 or above

  4. Devices supported: iPhone, iPad, iPod touch

  5. XCode version: 8 or above

  6. Swift version: 4.0.3, 4.1.2 (For any specific versions, write to botmanager_support@radware.com for the custom build) 

Write to botmanager_support@radware.com for your custom SDK for integration. 

How it works?

  1. When your mobile app makes a REST call to your server/API, the data request is sent to ShieldSquare connector integrated at your Origin/Web server. In parallel, ShieldSquare SDK asynchronously collects data and sends  to ShieldSquare bot engine for analysis. Data consists of device details (characteristics, orientation & acceleration) and behavioral details (events : buttons clicked, ads clicked, articles read/shared/liked, comments posted, screens viewed, purchases made, levels completed etc.,) based on your business logic from the interactions of the user with your Mobile App. 

  2. ShieldSquare connector sends the data to the ShieldSquare bot engine via ShieldSquare endpoint (deployed across the world using the global load balancer for minimal latency).

  3. ShieldSquare bot engine analyses the data from the endpoint and responds with appropriate action to humans and bots. 

  4. Your origin/web server either sends the requested App data to the user or challenge with CAPTCHA or block the page based on the response from ShieldSquare. ShieldSquare SDK has the capability to render in-app CAPTCHA / Block page. 

  • You have to be in 'Active mode' for receiving response codes for CAPTCHA/Block by configuring the responses for different categories of bad bots in 'Bot response page' in ShieldSquare admin portal. ShieldSquare recommends to handle empty data when the user solves the CAPTCHA.  

  • If required, the Radware Bot Manager bot engine can also be configured to send response code (CAPTCHA / Block) directly to ShieldSquare SDK.

Integration steps

  1. Integrate ShieldSquare SDK into your project

  2. Configure the ShieldSquare SDK 

  3. Test and release your Application 

1. Integrate Radware Bot Manager SDK into your project 

a. Unzip the package ss2_ios_sdk_vx.x.x.zip which would contain below files.

b. Drag and drop ss2_ios_sdk_vx.x.x folder into your Xcode project. Ensure the 'Destination' is checked for 'Copy items if needed' and the appropriate destination group folder is selected.

c. Select the Project file and add ShieldSquare.framework under Embedded binaries. 

d. Select your project from the project navigator and choose your deployment target.

e. Open the Build Phases tab and under 'Link Binary with Libraries', verify 'ShieldSquare.framework' is added. 

2. Configure the ShieldSquare SDK 

a. Update info.plist file with the below keys.  

1) SS_SUBSCRIBER_ID (String Type)
2) SS_RECAPTCHA_KEY (String Type)
3) SS_RECAPTCHA_DOMAIN (String Type)

  • ShieldSquare support team will provide unique customer ID for your account. 

  • Ensure you can configure a required response 'CAPTCHA' or 'Block' from the Bot Response page in ShieldSquare Admin Dashboard for different types of bots. 

  • You can ignore RECAPTCHA key and domain if you use text CAPTCHA. 

b. Do the following modifications in appdelegate file 

import ShieldSquare
ShieldEngine.setup(keyWindow: window!, verifyViewType:
ShieldEngine.SSCaptchaViewType.sstextcaptcha)
ShieldEngine.setUserId(userId: "Visitor ID") // Set the User ID parameter of visitor 

If you want to use Google reCAPTCHA, you have to replace 'sstextcaptcha' with 'ssrecaptcha' in the above method along with domain & key values in the info.plist. For now, we only support google Invisible reCAPTCHA and we recommend that you keep the difficulty level for reCAPTCHA as Medium.

public static func logShieldEvents(resultObject: HTTPURLResponse?) {
DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
ShieldEngine.trackBot(httpResponseObject: resultObject)
}
}
AppDelegate.logShieldEvents(resultObject: response as? HTTPURLResponse)

c. To collect custom events data, insert below analytics snippet whenever there is an event triggered in your app (Eg:  App open, User signed in, Pages/screens viewed, the article read/liked/shared/commented, app version updated etc.,). ShieldSquare collects the events data in a batch process in fixed time intervals.

ShieldEngine.trackEvents(
eventName: "login_success",
screenName:"",
eventParams: ["value" : "test", "sessionId" : "1234-1234-1234"])
  • Ensure you have imported ShieldSquare before adding any changes to collect events. 

  • You can add any number of values and keys in the 'eventParams'  

3. Test and release your application 

Once the complete functionality of your app with ShieldSquare iOS SDK integration is tested in the staging environment, you can go ahead and release your App in the App store. 

Write to support@shieldsquare.com for any clarifications and to get your custom SDK.