For Truecaller users verification flow

Search…

Recommended Steps for validating the authenticity of SDK response at your server side

Truecaller SDK already verifies the authenticity of the response before forwarding it to your app. However, if you wish to additionally check the authenticity of the response at your end, you can do so. 
In the response for TrueProfile we return -
Payload, which is a Base64 encoding of the json object containing all profile info
Signature, which contains the payload's signature . Signature is generated by applying signing algorithm with our private key
Signature Algorithm in the response header
To verify the payload, our public key for a given algorithm can be fetched using this API:
https://api4.truecaller.com/v1/key.
Using the payload, the signature and the public key, you can verify that the content sent is authentic through the following flow:
a. Apply verification, which means apply our public key to the signature (with given algorithm) and comparing result with payload
b. If verified, you would know that response comes from Truecaller's backend and is authentic. The profile can then be used as base64 decoding of the payload.
For details on the verification flow and sample code snippets in different programming languages, please refer this link​

ANDROID - Previous

Server Side Response Validation

For Non-Truecaller users verification flow

Last modified 1yr ago

Copy link