Account Management

Set up your account and obtain or update keys

Welcome to Truepic! Currently, the Truepic team manages account configurations and API keys. You'll be able to manage these yourself in the near future. Lens SDKs, libraries, and APIs require keys in order to work

The first step in the integration process is providing us with the information required to issue you keys across platforms. Our SDKs, libraries, and APIs require valid keys used only in allowed origins and applications. The exception is the display library, which is currently available for free and without registration.

Registration Information Requirements

Account creation

Accounts at Truepic start with organizations. Your company is welcome to have multiple if it makes sense for your use case, though we recommend one organization and as many org units as needed instead. Org units contain apps, and each org unit has either a test or production environment designation. We do this so you can keep your keys separate by environment. There is no additional charge for multiple items of any type.

ItemDescriptionExample
OrgWhat organization name would you like to be associated with your overall Truepic account? This will be included in the metadata of every photo and video captured via the Lens SDK.Truepic
Org UnitThe department, product, or division name that will integrate the SDK into one of your many mobile applications. If you have one application, the Org Unit may be identical to the Org Name.Vision
Org Unit CountryThe country in which the Org Unit or division is based. Default value is US.US
Org Unit EnvironmentWhether this org unit's environment is test or production.test

Once you have an org and one or more org units set up, we can register apps and generate keys within them. Here's the information we need for each platform.

iOS SDK keys

ItemDescriptionExample
App NameThe name of the application as listed in the Apple App Store.My App
App IDThe unique app reference ID as it will be submitted to the Apple App Store. The App ID is a combination of the App ID Prefix (or Team ID) and Bundle ID, joined by a period.XZBPL6P2LU.com.epic.analysis

Obtain your iOS App ID

  1. Log in to developer.apple.com
  2. Click on Certificates, IDs & Profiles
  3. Click on Identifiers
  4. Find the Bundle ID for your app, e.g. com.mycompany.myapp. Click on that row.
  5. This opens the Certificates, Identifiers & Profiles page. Look for App ID Prefix.
  6. The App ID is a combination of the App ID Prefix (or Team ID) and Bundle ID, joined by a period.

Android SDK keys

ItemDescriptionExample
App NameThe name of the application as listed in the Play Store.My App
Package NameThe name of the package as it will be submitted to the Google Play Store.com.epic.analysis
SHA-256 Certificate FingerprintA short and unique representation of a certificate used to digitally sign your APK before it is installed on a device or updated. You can have multiple certificate digests defined for the same app and key. Please convert convert the hexadecimal fingerprint to base64 before sharing with us.aAxXZqd4VXr6vLLQcnpbDC Z/zxS1/QBVR3dwp4k6rFP=

Obtain your Android app’s certificate fingerprint

There are two ways to get your app's certificate fingerprint.

Locally

Run the following command:

keytool -list -v -keystore path-to-your-keystore-file -alias your-alias-name -storepass your-keystore-password

Replace the following placeholders:

  • path-to-your-keystore-file: Replace this with the path to your keystore file (e.g., `/path/to/your/keystore.jks).
  • your-alias-name: Replace this with the alias name you used when generating the key pair for your app.
  • your-keystore-password: Replace this with the password for your keystore.

Running this command will output various information about the certificate, including its SHA-256 fingerprint. Look for the "SHA256" value under the "Certificate fingerprint" section.

Keep in mind that this command is specific to Java-based Android projects. If you're using a different development environment, the process might differ slightly.

Google Admin

Log into your Google Play Admin panel for your distributed app and navigate to “App Integrity.”

Before sending us your fingerprint, convert the SHA-256 value to base64 with this command:
echo "SHA256_TEXT_REPRESENTATION" | xxd -r -p | openssl base64

Certificate hashes may change during development and pre- and post-app distribution. We are able to accept multiple certificate digests per app, if that is needed. If you'd to prevent this value from changing during development among multiple developers, follow our guide here.


Web SDK keys

Capture Library

ItemDescriptionExample
App NameThe name of the web app or website.MyInsurance
Origin(s)The origin(s) (scheme, hostname, and port) that will be making the request to Truepic from your app's environment (test/development or production). Only allowed origins will be able to load the Javascript library. Wildcards are allowed for subdomains. You may provide as many urls as needed.https://my-staging.app.com

Display Library

For the web SDK's display library, registration is not currently required. You are welcome to use the script without setting up Truepic account.


API keys

Once you have an org and an org unit, there are no required fields to be issued API keys, but be sure to send us webhook details in order to be issued a secret.

Optional API information

ItemDescription
Default Capture OptionsThis field is set at the org unit level and applies to all API keys for that org unit. Please take a moment to review the Captures Model in the API reference for a full list of fields we return in the JSON response. All options are enabled by default unless configured otherwise. Are there any fields you do not want returned in your response, ever?
Capture Retention PeriodThis field is set at the org unit level and applies to all API keys for that org unit. We will automatically delete any images uploaded to our API for post-capture processing, as well as the extracted details after a predetermined period of time. This value can have a minimum of 1 hour, and a maximum of 30 days. Default value is 30 days.
Manual Image Deletion PermissionAll processed images will be automatically deleted based on the Capture Auto Delete Interval you defined above. Let us know if you also need to manually delete captures (via captures.delete).

Webhook configuration

Webhooks are not associated with specific API keys, but rather with your org unit as a whole. Multiple webhooks associated with your org unit means that all of those webhooks will receive the same events.

ItemDescriptionExample
Webhook URLThe location (staging or production, depending on the org unit) where we will send the webhook. This URL must be secure and over HTTPS.https://api.true-epic-co.com/webhooks/lens
API Events to SendYou may choose to receive all or some of the five webhook events, depending on if they are pertinent or useful to your development needs. The URL will receive a webhook for all actions performed for every photo or video. All events are returned by default.all (default)


Account Management Reference

Here is a helpful reference of how Lens accounts are structured. You can use this to understand what can be configured and how each object relates to each other.

Account structure

Each object can contain multiple child objects, even keys.

Org

Org Unit

      ↳ App

           ↳ Key

Configuration options

OrgOrg UnitApp
Name
string
Name
string
Name
string
Country
Two-letter ISO-3166 country code
Platform
One of: ios, android, web, server, other
Environment
One of:test,production
iOS:iOS App ID
string
API: API Capture Retention Period
number
Android: Android Package
string
API: Webhook URL
string
Android: Android Certificate Digests
array (string), can contain multiple
web: Origin
array (string), can contain multiple

Key Scopes

Here are the key scopes for each platform. We can change your key scopes at any point, just let us know.

ScopePermission descriptioniOS/AndroidAPI
enrollments.createEnroll that SDK instance on that device✔️
captures.createUpload photos and videos to the API to be processed✔️
captures.readRequest details on photos and videos in process or that have not yet been deleted✔️
captures.updateUpdate custom data on photos and videos in process or that have not yet been deleted✔️
captures.deleteManually delete processed photos and videos, prior to auto-deletion once the Caption Retention Period passesnot default


Get keys or make changes

Connect with your Truepic representative over email or Slack. We can accommodate all of your requests such as processing accounts, updating information, generating keys, and more. You will receive your keys through secure transfer.

All account details can be updated without invalidating existing keys or issuing new ones. However, we may not be able to re-send you your existing key once we have issued it to you, so please be sure to keep track of them. If you lost it, we can issue you new ones, with or without invalidating the existing ones.