Integrating SilverDox SDK into Your Mobile and Web AppsIntegrating the SilverDox SDK into your mobile and web applications lets you add secure document management, on-device redaction, encryption, and audit-ready workflows without rebuilding core features from scratch. This guide walks through planning, setup, architecture, platform-specific implementation tips (iOS, Android, web), security considerations, performance tuning, testing, and deployment. Examples assume a modern tech stack (React or React Native for front end, Node.js for backend), but concepts apply broadly.
What SilverDox SDK Provides (High-level)
- Secure document storage and transfer: client-side encryption and server-side secure storage.
- Redaction and DLP tools: on-device redaction, automatic pattern detection (PII), and manual redaction UI.
- Audit and compliance: detailed event logs and tamper-evident records.
- Cross-platform SDKs: native modules for iOS (Swift), Android (Kotlin/Java), and JavaScript for web and React Native.
- Extensible APIs: upload/download, metadata, access controls, policy enforcement, and webhook/event integration.
Planning and Architecture
-
Goals and scope
- Define which features you need: storage, viewing, redaction, search, audit.
- Decide whether document processing happens on-device, server-side, or hybrid.
-
Data flow and components
- Client apps (iOS/Android/Web) integrate SilverDox SDK for local encryption, redaction UI, and upload/download.
- Backend service handles authentication, authorization, metadata storage, and optionally proxies uploads to SilverDox servers or your S3-compatible storage.
- Admin console or server-side jobs consume audit logs and webhooks.
-
Authentication and access control
- Use your identity provider (OAuth2/OIDC, SAML) to issue short-lived tokens to clients.
- Tokens authorize SDK operations; backend validates and enforces policies.
-
Compliance and privacy
- Identify regulated data classes and decide retention, redaction rules, and audit retention periods.
- Ensure encryption keys and key management follow your organizational policies (KMS/HSM).
Getting Started: Common Prerequisites
- SilverDox account and API credentials.
- Development environment for each platform (Xcode for iOS, Android Studio, Node.js + package manager).
- Access to key management (KMS) for production key handling.
- Familiarity with HTTPS, JWTs, OAuth2 flows, and secure storage on device (Keychain/Keystore).
Integrating on Web (JavaScript)
Overview: The SilverDox JavaScript SDK provides methods for encrypting documents in the browser, redaction UI components, streaming uploads, and event hooks.
-
Install
npm install silverdox-sdk -
Initialization “`javascript import SilverDox from ‘silverdox-sdk’;
const sd = new SilverDox({ apiKey: process.env.SD_API_KEY, // use short-lived tokens in production environment: ‘production’, // or ‘staging’ });
3. Authentication - Obtain a short-lived JWT from your backend (which authenticates the user). - Initialize SDK with that token or provide it on each request for better security. 4. Upload flow (example) ```javascript // file is a File object from <input type="file"> const token = await fetch('/api/sd-token').then(r=>r.json()); await sd.authenticate({ token }); const uploadResult = await sd.uploadFile({ file, metadata: { projectId: '123' }, redact: true, // enable automatic redaction pre-upload if needed }); - Redaction UI
- Use SilverDox-provided React components to enable visual redaction in-browser. “`javascript import { RedactionEditor } from ‘silverdox-sdk/react’;
6. Streaming large files - Use chunked uploads provided by the SDK to avoid memory spikes. Security tips: - Never embed long-lived keys in client code. - Always use short-lived tokens from your backend. - Store minimal metadata client-side. --- ## Integrating on iOS (Swift) Overview: SilverDox iOS SDK supports Swift and provides native viewers, editors, local encryption, and secure storage integration with Keychain and FileProtection. 1. Install (CocoaPods or Swift Package Manager) CocoaPods: ```ruby pod 'SilverDox' SPM:
- Add package URL to Xcode Packages.
- Initialize “`swift import SilverDox
let config = SDConfig(environment: .production, tokenProvider: { completion in fetchTokenFromBackend { token in completion(token) } }) SilverDox.shared.configure(with: config)
3. Authentication - Use backend-supplied short-lived tokens. Use ASWebAuthenticationSession or your app's auth flow to sign in and request tokens. 4. Viewing and redaction ```swift let viewer = SDDocumentViewer(documentId: id) present(viewer, animated: true) - The SDK exposes redaction tools and delegate callbacks for save/export.
- Secure local storage
- Save transient files to application container with NSFileProtectionComplete unless background processing requires different protection.
- Store keys/tokens in Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly if background use is required; otherwise use kSecAttrAccessibleWhenUnlockedThisDeviceOnly.
Performance tips:
- Use background threads for document processing.
- Use thumbnails and progressive rendering for large PDFs.
Integrating on Android (Kotlin)
-
Install (Gradle)
implementation 'com.silverdox:sdk:1.2.3' -
Initialize
val config = SDConfig(env = "production") { callback -> getTokenFromBackend { token -> callback.onSuccess(token) } } SilverDox.initialize(context, config) -
Authentication
- Use your existing auth flow (OAuth2) to fetch short-lived tokens. Use Android AccountManager or your backend.
- Viewer and redaction
val intent = SDDocumentViewerActivity.createIntent(context, docId) startActivity(intent)
- SDK provides UI components and programmatic APIs for redaction and export.
- Storage & key handling
- Use Android Keystore for key material. Use FileProvider for secure file sharing.
Power tips:
- Use WorkManager for background uploads/downloads.
- Monitor memory access during document processing; prefer streaming APIs.
Backend Integration Patterns
- Token issuance service
- Endpoint: /api/sd-token
- Authenticates user, checks permissions, issues short-lived JWT scoped to required operations (upload/download/view).
- Metadata store
- Keep document metadata (owner, tags, retention policy) in your database and store document blobs in SilverDox or S3.
- Webhooks and audit ingestion
- Configure SilverDox to send webhooks on important events (upload, redaction, download).
- Verify webhook signatures and store events in an append-only audit log.
- Server-side processing
- For heavy batch redaction or OCR, use server-side workers that call SilverDox server APIs. Ensure workers use service account credentials and record actions to audit logs.
Security Considerations
- Use short-lived tokens issued by your backend for all client SDK operations.
- Keep encryption keys in an enterprise KMS (AWS KMS, GCP KMS, Azure Key Vault) and rotate periodically.
- Enforce least privilege access in tokens (scoped permissions).
- Protect webhooks with HMAC signatures; validate them.
- Use TLS everywhere and enforce strong ciphers.
- Log access and redaction events for compliance.
Testing and QA
- Unit test SDK wrappers and token flows.
- Integration tests against a staging SilverDox environment.
- Test edge cases: interrupted uploads, expired tokens, offline access, redaction undo/redo.
- Perform security testing: static analysis, penetration testing, and key leakage checks.
Performance & UX Tips
- Use chunked uploads and resumable transfers for large files.
- Render low-res previews first, then progressively load high-res pages.
- Allow offline caching with clear eviction policies.
- Provide clear UI for redaction steps, and confirm final redaction before irreversible actions.
Example End-to-End Flow (Concise)
- User authenticates with your app (OIDC).
- App requests a short-lived SilverDox token from your backend.
- App initializes SilverDox SDK with that token.
- User uploads a document through SDK; SDK encrypts client-side and uploads to SilverDox.
- User redacts sensitive fields in the SDK UI; an audit event is recorded.
- Backend receives webhook, updates metadata, and stores audit log.
Troubleshooting Common Issues
- Expired tokens: ensure token TTL matches UX (refresh proactively).
- Upload failures on mobile: use retry logic, background uploads, and chunking.
- Memory spikes: use streaming APIs and avoid loading whole docs into RAM.
- Webhook verification failures: validate signature and clock skew.
Migration & Versioning
- Keep SDK versions pinned and test upgrades in staging.
- Use feature flags to roll out new SDK features.
- Migrate keys and tokens in controlled windows; maintain backward compatibility for tokens where possible.
Summary
Integrating SilverDox SDK into mobile and web apps centralizes secure document handling while offloading complex features like redaction, encryption, and auditing. Focus on secure token issuance, careful architecture for on-device vs server processing, and thorough testing. With correct setup, SilverDox can greatly accelerate building compliant document workflows.