Rebar Android Data in Transit

Monkton, Inc.

Part of Rebar's compliance with NIAP and other associated security profiles is adherence to the API Boundary for Data in Transit (DIT). DIT compliance for the app is achieved by leveraging Rebar's network interfaces.

Rebar's implementation of TLS is completely transparent to users when making Web Service calls. If you use a library like Square's OkHttp, Rebar will automatically harden the TLS connections. You still need to add the Rebar signing headers, as well as your Web Service Bearer Tokens, to each request yourself.

Rebar natively supports:

  • Java/Kotlin HttpsURLConnection
  • Square's OkHttpClient

Note: If you have another library you'd prefer to use, please inquire at support@monkton.io.

Adding Rebar Headers

To make a call to Rebar, you will need to embed the signed Rebar Bearer Token headers in the request. These are generated via the RebarUtil.instance.signedRebarHeaders method in Rebar. This method generates a dictionary of header names and values that you can embed in your HTTP request to authenticate users.

HttpsURLConnection Example

For HttpsURLConnection we have included extension methods that make this process easier.

// The URL to invoke
val urlValue = URL(url)

// Setup the connection
val urlConnection = urlValue.openConnection() as HttpsURLConnection

// Always call this before invocation to harden (will be automated in future)
urlConnection?.rebarInitalize()

OkHttp Example

OkHttp requires a little manual work, which is made easier by the .apply {} closure:

// Grab the URL
val url = "https://api.compliant.app"

// Create the OkHttpClient
val client = OkHttpClient()

// Build the request. We will add the Rebar headers and our Web Service Bearer Token headers
val request = Request.Builder()
    .url(url)
    .apply {
        // Add the Rebar headers
        RebarUtil.instance.signedRebarHeaders.forEach {
            this.addHeader(it.key, it.value)
        }
    }
    .build()

Web Service Headers

If you are calling Web Services directly from your app, you may have a token generation service that returns your Web Service Bearer Token (WSBT). The WSBT can be stored via the RebarUtil.instance.setWebServiceApiKeys method and used with the RebarUtil.instance.signedHeadersForWebServiceApi method, which generates signed headers that can be embedded within your Web Service call.

HttpsURLConnection Example

For HttpsURLConnection we have included extension methods that make this process easier.

// The URL to invoke
val urlValue = URL(url)

// Setup the connection
val urlConnection = urlValue.openConnection() as HttpsURLConnection

// Always call this before invocation to harden (will be automated in future)
urlConnection?.rebarInitalize()

// If we are connecting to a web service that will point back to Rebar to validate
// the user, sign the request with the headers
//
// Depending on your use case, you may not need to perform this action
urlConnection?.webServiceSign("my-web-service")

OkHttp Example

OkHttp requires a little manual work, which is made easier by the .apply {} closure:

// Grab the URL
val url = "https://api.compliant.app"

// Create the OkHttpClient
val client = OkHttpClient()

// Build the request. We will add the Rebar headers and our Web Service Bearer Token headers
val request = Request.Builder()
    .url(url)
    .apply {
        // Add the Rebar headers. Always do this, because we may need to revalidate the tokens on the backend
        RebarUtil.instance.signedRebarHeaders.forEach {
            this.addHeader(it.key, it.value)
        }
    }
    .apply {
        // If you are using Rebar's Web Service Bearer Tokens, you can apply them here
        RebarUtil.instance.signedHeadersForWebServiceApi("my-web-service").forEach {
            this.addHeader(it.key, it.value)
        }
    }
    .build()
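
The OkHttp examples above add the signed headers to each request by hand. As an added example (not Monkton's or Rebar's own code), the same headers can be attached in a single OkHttp interceptor that signs only HTTPS requests to an allowlisted host, so the bearer tokens are not sent to any other endpoint. SignedHeaderInterceptor, trustedHosts, headerSource and buildClient are hypothetical names, OkHttp 4.x is assumed, and the Rebar calls are assumed to return Map<String, String>; TLS hardening is left to Rebar as described on this page.

```kotlin
import okhttp3.Interceptor
import okhttp3.OkHttpClient
import okhttp3.Response
import java.io.IOException

// Added example, not Rebar code. SignedHeaderInterceptor, trustedHosts and
// headerSource are hypothetical names; OkHttp 4.x property syntax is assumed.
class SignedHeaderInterceptor(
    private val trustedHosts: Set<String>,
    private val headerSource: () -> Map<String, String>
) : Interceptor {
    override fun intercept(chain: Interceptor.Chain): Response {
        val original = chain.request()
        val url = original.url
        // Never attach signed headers or bearer tokens to a cleartext request
        // or to a host outside the allowlist; pass those through untouched.
        if (!url.isHttps || url.host !in trustedHosts) {
            return chain.proceed(original)
        }
        val headers = headerSource()
        // Fail closed rather than send an unsigned request to a trusted host.
        if (headers.isEmpty()) {
            throw IOException("No signed headers available for ${url.host}")
        }
        val signed = original.newBuilder().apply {
            // header() replaces an existing value, so a stale token set by the
            // caller cannot ride along with the fresh one.
            headers.forEach { (name, value) -> header(name, value) }
        }.build()
        return chain.proceed(signed)
    }
}

// Network interceptors run for every request sent on the wire, including
// redirect follow-ups, so the host check is repeated on each hop.
fun buildClient(headerSource: () -> Map<String, String>): OkHttpClient =
    OkHttpClient.Builder()
        .addNetworkInterceptor(SignedHeaderInterceptor(setOf("api.compliant.app"), headerSource))
        .build()

// Wiring with the calls shown on this page (assumed to return Map<String, String>):
// val client = buildClient {
//     RebarUtil.instance.signedRebarHeaders +
//         RebarUtil.instance.signedHeadersForWebServiceApi("my-web-service")
// }
```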