This is crisp integration documentation to plug *Radware Bot Manager Android SDK directly into your Android App to protect your API servers from the malicious bots originating from Mobile App.
*ShieldSquare is now Radware Bot Manager
Ensure you have created an account in Radware Bot Manager portal before getting started
Ensure you have already integrated Radware Bot Manager at your Web server or Application server
Operating System Supported: Android 4.3 or above
Device supported : Smartphones &Tablets
Android studio version supported: 2.3 or above
Write to email@example.com for your custom SDK for integration.
When your mobile app makes a REST call to your server/API, the data request is sent to Radware Bot Manager connector integrated at your Origin/Web server. In parallel, Radware Bot Manager SDK asynchronously collects data and sends to Radware Bot Manager bot engine for analysis. Data consists of device details (characteristics, orientation & acceleration) and behavioral details (events: buttons clicked, ads clicked, articles read/shared/liked, comments posted, screens viewed, purchases made, levels completed etc.,) based on your business logic from the interactions of the user with your Mobile App.
Radware Bot Manager connector sends the data to the Radware bot engine via Radware Bot Manager endpoint (deployed across the world using the global load balancer for minimal latency).Radware bot engine analyses the data from the endpoint and responds with appropriate action to humans and bots.
Your origin/web server either sends the requested App data to the user or challenge with CAPTCHA or block the page based on the response from Radware Bot Manager. Radware Bot Manager SDK has the capability to render in-app CAPTCHA / Block page.
Integrate Radware Bot Manager SDK into your project
Configure the Radware Bot Manager SDK
Test and release your application
a. Unzip the package ss2_android_sdk_vx.x.x.zip which would contain ss2_android_sdk_vx.x.x.aar file.
b. Import Radware Bot Manager SDK as a module by choosing File > New > New Module >Choose ‘Import .JAR/.AAR’ and locate the downloaded 'ss2_android_sdk.aar'.
c. Add the following dependencies to your app-level build.gradle file. This dependency is to add Cookie storing capability to your App ( if it doesn't have already) to help Radware Bot Manager to set four first-party cookies to identify patterns of the user interactions.
. . . . . . implementation 'com.android.support:design:27.1.1' implementation 'com.squareup.retrofit2:retrofit:2.4.0' implementation 'com.github.franmontiel:PersistentCookieJar:v1.0.1' implementation 'com.squareup.retrofit2:converter-gson:2.4.0' implementation 'com.google.android.gms:play-services-safetynet:15.0.1' implementation project(':ss2_android_sdk') . . . . . .
If you encounter this error : Failed to resolve : com.github.franmontiel:PersistentCookieJar:v1.0.1
a. Initialize the Radware Bot Manager SDK in your application file as below. Use code block 1 if you want to initialize Text CAPTCHA, use code block 2 if you want to initialize Google reCAPTCHA.
//use this to initialize Text CAPTCHA private final String SUBSCRIBER_ID = "XXXX" ; . . . . . . TextCaptcha textCaptcha = new TextCaptcha.Builder() .build(); ShieldSquare shieldSquare = new ShieldSquare.Builder( this ) .setCaptchaOption(textCaptcha) .setSubscriberID( SUBSCRIBER_ID ) .setShieldSquareServiceUrl("https://cas.avalon.perfdrive.com/") .build(); . . . . . .
//use this to initialize Google reCAPTCHA private final String SUBSCRIBER_ID = "XXXX" ; private final String SAFETY_NET_API_SITE_KEY = "Your-Recaptcha-Site-Key" ; //required if you want to use Google reCAPTCHA private final String DOMAIN_VERIFY_ON_SERVER = "Your-Recaptcha-Verification-Domain" ; //required if you want to use Google reCAPTCHA . . . . . . ReCaptcha reCaptcha = new ReCaptcha.Builder() .setSiteKey( SAFETY_NET_API_SITE_KEY ) .setServerVerificationDomain( DOMAIN_VERIFY_ON_SERVER ) .build(); ShieldSquare shieldSquare = new ShieldSquare.Builder( this ) .setCaptchaOption(reCaptcha) .setSubscriberID( SUBSCRIBER_ID ) .setShieldSquareServiceUrl("https://cas.avalon.perfdrive.com/") .build(); shieldSquare.setUserId("your-user-id"); . . . . . .
b. When initializing Retrofit, include ShieldSquareInterceptor and ShieldSquareCookieManager as below.
. . . . . . OkHttpClient client = new OkHttpClient.Builder() .addInterceptor( new ShieldSquareInterceptor()) // Adding method #1 .cookieJar(CookieManager.provideCookieJar ()) // Adding method #2 .build(); Retrofit retrofit = new retrofit2.Retrofit.Builder() .client(client) .build(); . . . . . .
The above code will intercept all responses received by the retrofit engine, enables cookie setting on the app and takes action based on the response from the Server.
c. To collect events data, insert below analytics snippet whenever there is an event triggered in your app (Eg: App open, User signed in, Pages/screens viewed, an article read/liked/shared/commented, app version updated etc.,). Radware Bot Manager collects the events data in a batch process in fixed time intervals.
String eventName="login_success"; String screenName=getTitle().toString(); JSONObject eventParams = new JSONObject(); eventParams.put("value", "test"); eventParams.put("sessionId", "1234-1234-1234"); ShieldSquare.trackEvents(eventName, screenName, eventParams);
Once the complete functionality of the mobile app with Radware Bot Manager integration is tested in the staging environment, you can go ahead and release your production project App in Google Play.
Write to firstname.lastname@example.org any clarifications and to get your custom SDK.