Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/signing-sdk/face-auth-ios/llms.txt

Use this file to discover all available pages before exploring further.

TadSigningConfig is a struct that bundles all environment-specific settings required by the SDK. You create one instance per environment (development, production) and pass it to every TadSigningViewController you present.

Struct declaration

struct TadSigningConfig

Initializer

TadSigningConfig(
    apiBaseUrl: URL,
    publicKeyPem: String,
    rpId: String,
    serviceName: String,
    blockProxy: Bool
)

Parameters

apiBaseUrl
URL
required
Base URL of the TAD signing backend API. All SDK network requests are sent relative to this URL. Example: URL(string: "https://signing.tadi.uz")!
publicKeyPem
String
required
ES512 public key in PEM format, provided by the backend team. The SDK uses this key to verify the integrity of responses from the signing service. The string must include the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- header and footer lines.
rpId
String
required
WebAuthn relying party ID. This must exactly match the domain listed in your app’s Associated Domains entitlement (webcredentials:<rpId>). Passkey creation and assertion will fail if these values do not match.
serviceName
String
required
A string identifier for this app or service, sent to the backend to distinguish traffic sources. Use a consistent, lowercase, hyphen-separated identifier such as "tad-signing-demo".
blockProxy
Bool
required
When true, the SDK blocks requests routed through an HTTP proxy. Set this to true in production to prevent traffic interception. You may set it to false during local development when you need to inspect network traffic.

Example

The following is the full configuration from the demo app’s SDKConfig.swift: 
import Foundation
import TadSigningSDK

// Replace publicKeyPem with the ES512 public key provided by the backend team.
// Replace rpId and apiBaseUrl with the production values from your .env config.
enum SDKConfig {
    static let shared = TadSigningConfig(
        apiBaseUrl: URL(string: "https://signing.tadi.uz")!,
        publicKeyPem: """
        -----BEGIN PUBLIC KEY-----
        MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQANTC0w0ACO79+hPYfK5fEF9nAAztI
        zpD8M0UTyR4ON5DeT3nKY12noi9PVVCIK1uwImeqsWx56cc7kMmWC99RKV0Az3JC
        Zq5gRExuUzk+aWcoG3DppFy2hCwEVeuDTENz0P5Rhx/BBJ8Q4jWVOM2AM2W3SQ/q
        1nG5s8ixxX2BnPBTQ7w=
        -----END PUBLIC KEY-----
        """,
        rpId: "signing.tadi.uz",
        serviceName: "tad-signing-demo",
        blockProxy: true
    )
}
Never ship the demo public key shown above in a production app. Obtain your ES512 public key from your backend team and store it in your app’s secure configuration. Exposing the wrong key can allow spoofed responses to pass verification.
Declare your configuration as a static let on a dedicated type (as shown above with SDKConfig.shared) so it is initialized once and reused across every TadSigningViewController presentation in the app.

Associated Domains requirement

The rpId you pass here must appear in your app’s Associated Domains entitlement. In project.yml or Xcode’s Signing & Capabilities tab, add: 
webcredentials:<rpId>
For example, with rpId: "signing.tadi.uz": 
entitlements:
  properties:
    com.apple.developer.associated-domains:
      - webcredentials:signing.tadi.uz
The matching apple-app-site-association file must also be served at https://<rpId>/.well-known/apple-app-site-association.

Build docs developers (and LLMs) love

Get started for freeTalk to us