Developers

Integration documentation

REST API and mobile SDKs for embedding TrueTap verification in your applications. Designed for enterprise integration with structured endpoints, predictable response schemas, and compliance-grade logging. API and SDK access is issued only after programme qualification.

REST API

Verification endpoint

The core verification API accepts a chip identifier and challenge response, returning a structured authentication result with event identifier and metadata.

All requests are authenticated with API keys issued per programme. Responses conform to a versioned JSON schema. Endpoints are available in regional configurations to meet data residency requirements.

Access qualification

API and SDK access is issued only after programme qualification. Contact the team to begin the onboarding process for your integration.

Request API access

Illustrative example

POST /v1/verify Authorization: Bearer <api_key> Content-Type: application/json { "chip_id": "TT-4A2F9D8C", "challenge_response": "a3f8e1...", "programme_id": "PRG-0042" } HTTP 200 OK { "result": "authenticated", "event_id": "EVT-20260427-8823", "chip_id": "TT-4A2F9D8C", "issued_at": "2025-11-15T08:00:00Z", "status": "active", "programme": "PRG-0042" }

API reference

Core endpoints

POST /v1/verify

Verify a chip

Submit a chip identifier and challenge response for authentication. Returns authenticated, tampered, or unknown with event metadata.

GET /v1/chips/{id}

Retrieve chip record

Return the current status and metadata for a provisioned chip. Includes issue date, programme assignment, and lifecycle state.

POST /v1/chips/{id}/revoke

Revoke a chip

Mark a chip identity as revoked. Subsequent verification attempts will return a negative result with a revoked status flag.

GET /v1/events

Audit log export

Paginated export of verification events with filter parameters by date range, chip, programme, and result type. Suitable for compliance reporting.

POST /v1/webhooks

Webhook subscriptions

Subscribe to real-time event delivery for verification results, chip status changes, and programme lifecycle events.

Mobile SDKs

iOS and Android integration

Native SDK packages for embedding TrueTap verification directly in mobile applications. Handles NFC session management, challenge construction, and result parsing.

iOS SDK

Swift package supporting iOS 13+. Integrates with CoreNFC for NFC session management. Full support for background tag reading on compatible devices.

Illustrative example

import TrueTap let session = TrueTapSession(apiKey: "YOUR_KEY") session.verify(chipID: tag.identifier) { result in switch result { case .authenticated(let event): ... case .tampered: ... case .unknown: ... } }

Android SDK

Kotlin/Java library for Android 8.0+. Handles NFC intent dispatch, foreground dispatch for enforcement applications, and host card emulation contexts.

Illustrative example

val client = TrueTapClient(apiKey = "YOUR_KEY") client.verify( chipId = tag.id.toHexString(), programmeId = "PRG-0042" ) { result -> when (result) { is Authenticated -> handleAuth(result.event) is Tampered -> handleTamper() is Unknown -> handleUnknown() } }

Access

Request developer access

API credentials, SDK packages, and integration support are provided to qualified programme partners. Contact the team to begin the onboarding process.

Request API Access Architecture overview