Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Set a unique state parameter & store it in the current session to use it later in the onSuccess() callback method of the TcOAuthCallback to match if the state received from the authorization server is the same as set here to prevent request forgery attacks.
One good choice for a state token is a string of around 32 characters constructed using a high-quality random-number generator as we did above. Another approach could be a hash generated by signing some of your session state variables with a key that is kept secret on your back-end.
Truecaller OAuth SDK already verifies the request-response correlation before forwarding it to the your app.
Set the list of scopes to be requested.
Generate a unique code verifier & store it in the current session since it would be required later to generate the access token. It can be generated using the utility class CodeVerifierUtil provided in the SDK.
This utility method generates a random code verifier string using SecureRandom as the source of entropy with 64 as the default entropy quantity.
Set the corresponding code challenge using the code verifier generated in the previous step. This can be generated using the utility class CodeVerifierUtil provided in the SDK.
This utility method produces a code challenge from the supplied code verifier using SHA-256 as the challenge method and Base64 as encoding if the system supports it (all Android devices should ideally support SHA-256 and Base64), but in rare case if the device doesn’t, then this method would return null meaning that you can’t proceed further. Please ensure to have a null safe check for such cases.
Step by step guide to integrate Truecaller OAuth SDK with your android project.
In order to proceed with the integration, please refer to so as to understand various user flows and touch points in the user journey where Truecaller can be enabled.
Register on the to create your business account and manage OAuth projects.
Once you have created your account, create your OAuth project & generate credentials by following the steps
Once you have generated the credentials, you can easily, in a few simple steps integrate the Truecaller SDK by referring to our step-by-step guide in the subsequent sections.
Post integration completion, submit your project for review and go live.
Truecaller SDK provides you with capabilities to configure the following:
Refer to the below section for details on all the customization capabilities and the possible values you may set:
Contextual header [ .heading() ]
To provide the appropriate context of verification to the Truecaller user, use one of the below mentioned TruecallerSdkScope values to show the corresponding message to the user
Button text options [ .ctaTextPrefix() ]
To set the prefix on the CTA button
Button shape [ .buttonShapeOptions() ]
To chose the shape of the CTA button
Footer CTA text [ .footerType() ]
To configure the text of the additional footer CTA present at the bottom
Privacy policy :
To add your privacy policy link on the verification screen, you can configure the respective hyperlink from your developer account
Terms of service: To add your terms of service link on the verification screen, you can configure the respective hyperlink from your developer account
Language You can optionally customize the consent screen in any of the supported languages. To do so, add the following line :
Copy
Currently supported languages:
Log in to | TcSdkOptions.SDK_CONSENT_HEADING_LOG_IN_TO |
Sign up with | TcSdkOptions.SDK_CONSENT_HEADING_SIGNUP_WITH |
Sign in to | TcSdkOptions.SDK_CONSENT_HEADING_SIGN_IN_TO |
Verify number with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_NUMBER_WITH |
Register with | TcSdkOptions.SDK_CONSENT_HEADING_REGISTER_WITH |
Get started with | TcSdkOptions.SDK_CONSENT_HEADING_GET_STARTED_WITH |
Proceed with | TcSdkOptions.SDK_CONSENT_HEADING_PROCEED_WITH |
Verify with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_WITH |
Verify profile with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_PROFILE_WITH |
Verify your profile with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_YOUR_PROFILE_WITH |
Verify your phone number with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_PHONE_NO_WITH |
Verify your number with | TcSdkOptions.SDK_CONSENT_HEADING_VERIFY_YOUR_NO_WITH |
Continue with | TcSdkOptions.SDK_CONSENT_HEADING_CONTINUE_WITH |
Complete order with | TcSdkOptions.SDK_CONSENT_HEADING_COMPLETE_ORDER_WITH |
Place order with | TcSdkOptions.SDK_CONSENT_HEADING_PLACE_ORDER_WITH |
Complete booking with | TcSdkOptions.SDK_CONSENT_HEADING_COMPLETE_BOOKING_WITH |
Checkout with | TcSdkOptions.SDK_CONSENT_HEADING_CHECKOUT_WITH |
Manage Details with | TcSdkOptions.SDK_CONSENT_HEADING_MANAGE_DETAILS_WITH |
Manage your details with | TcSdkOptions.SDK_CONSENT_HEADING_MANAGE_YOUR_DETAILS_WITH |
Login to <<APP_NAME>> with one tap | TcSdkOptions.SDK_CONSENT_HEADING_LOGIN_TO_WITH_ONE_TAP |
Subscribe to | TcSdkOptions.SDK_CONSENT_HEADING_SUBSCRIBE_TO |
Get updates from | TcSdkOptions.SDK_CONSENT_HEADING_GET_UPDATES_FROM |
Continue reading on | TcSdkOptions.SDK_CONSENT_HEADING_CONTINUE_READING_ON |
Get new updates from | TcSdkOptions.SDK_CONSENT_HEADING_GET_NEW_UPDATES_FROM |
Log in/ Signup with | TcSdkOptions.SDK_CONSENT_HEADING_LOGIN_SIGNUP_WITH |
Continue | TcSdkOptions.CTA_TEXT_CONTINUE |
Proceed | TcSdkOptions.CTA_TEXT_PROCEED |
Accept | TcSdkOptions.CTA_TEXT_ACCEPT |
Confirm | TcSdkOptions.CTA_TEXT_COFIRM |
Round | TcSdkOptions.BUTTON_SHAPE_ROUNDED |
Rectangle | TcSdkOptions.BUTTON_SHAPE_RECTANGLE |
Use another number | TcSdkOptions.FOOTER_TYPE_CONTINUE |
Use another method | TcSdkOptions.FOOTER_TYPE_ANOTHER_METHOD |
Enter details manually | TcSdkOptions.FOOTER_TYPE_MANUALLY |
Later | TcSdkOptions.FOOTER_TYPE_LATER |
english | en |
hindi | hi |
marathi | mr |
telugu | te |
malayalam | ml |
urdu | ur |
punjabi | pa |
tamil | ta |
bengali | bn |
kannada | kn |
swahili | sw |
arabic | ar |
In your Activity/Fragment where you want to integrate the Truecaller OAuth flow, either make the component implement the interface TcOAuthCallback or create an instance of it which you would require to initialize TcSdkOptions in the next step.
The interface has 2 functions which need to be overridden -
onFailure() method will be called in case of an error. You would get the error details like the error code and error message through tcOAuthError returned with this method.
onSuccess() method will be called when the user gives consent to authorize your app by tapping on the primary button on the Truecaller’s consent screen, and subsequently, an authorization code will be successfully generated and received. This method would return tcOAuthData which contains information like :
authorizationCode - which you can utilize to fetch the user’s access token
scopesGranted - list of scopes granted by the user
state - state parameter returned by the authorisation server. If the state set by your application is the same as the state returned by the authorisation server, it’s safe to proceed further. If state parameters are different, someone else has initiated the request and it could be a case of request forgery.
Override the onActivityResult() method of the component used in step 1 and call the onActivityResultObtained() method if the requestCode matches to TcSdk.SHARE_PROFILE_REQUEST_CODE.
Create a TcSdkOptions object by using the tcOAuthCallback from the previous step and provide the context. Supply the appropriate customization settings to the relevant methods of TcSdkOptions and use the instance of tcSdkOptions to initialize the TcSdk in the next step.
In case you do not wish to provide any customization settings and fall back to the default SDK settings, you may simply call -
Initialize TcSdk using the tcSdkOptions from the previous step :
Note: Truecaller OAuth SDK needs to be initialized only once in the component and the same instance can be accessed without the need to initialize it again, via TcSdk.getInstance()
Ideally, you should call the init() method when the component is getting created/initialized to avoid calling it multiple times.
Once the SDK is initialized, check whether the OAuth functionality is usable or not by calling :
If isUsable is True, you can proceed with further steps, otherwise, you’d have to fall back to some other mechanism ( your fallback verification flow ). Calling other SDK methods when isUsable is False would result in an exception, so please ensure to call this soon after initializing the SDK, and proceed to further steps only if this method returns True.
In order to clear the resources taken up by the SDK, you may use the following method
TcSdk.clear()
Ideally, you should call this method when the component in which you initialized the SDK is getting killed/destroyed.
For instance, if you have initialized the SDK in the onCreate() method of the activity lifecycle, then you need to call clear it in the onDestroy() method of the activity lifecycle.
To ensure the authenticity of interactions between your app and Truecaller, you need to generate a client ID from the Truecaller developer portal by following the steps below:
Go to https://sdk-console-noneu.truecaller.com/login and register your account.
Once registered, log in to your account and click on the "create project” button.
Enter the project name and select the business category from the dropdown menu. This will create a new project.
On the project screen, click the “add credential” button and select the platform as Android from the dropdown menu.
On the credential section, enter the package name and the SHA1.
Your package name corresponds to the applicationId in your app level build.gradle file.
You can get to know the SHA1 for your different app builds by following these steps :
Open your project in android studio
Open terminal
Type command ./gradlew signingReport
Once done you should be able to see the SHA1 fingerprint of your different build configurations [ debug /release ] in the terminal window within the android studio.
Once you input your app details and create the app, you will be able to see a unique "ClientID" for your app which you need to include in your project to authorise all verification requests.
Failure/ Error responses
The "onFailure" callback method that you just implemented in the previous step helps you to handle all the possible failure cases when the user couldn't be verified successfully via the Truecaller flow.
Below are some of the possible failure scenarios and the corresponding error response that you receive for each of the cases :
| Error Description | Error Code |
|---|
Please note that when you encounter any of the error scenarios and get the control in the "onFailure()" method, you should redirect the user to your alternate verification flow.
Exceptions
In case you face any of the following run time exceptions, please follow the recommended steps as mentioned below :
"No compatible client available. Please change your scope"
As the exception suggests, you are trying to call an SDK method even though no client is available to handle it. This usually happens if you have initialized the SDK using ONLY_TC_USERS scope option i.e to verify only the Truecaller users, and you are not calling isOAuthFlowUsable() method before calling an SDK method. To resolve this, call isOAuthFlowUsable() before calling any SDK method if you are using VERIFY_TC_USERS scope option.
"Please call init() on TruecallerSDK first"
This exception suggests that you are trying to call an SDK method before the SDK has been initialised. To resolve it, check for all possible user flows in your app which could lead to calling an SDK method directly before it has been initialised.
"Add client id in your manifest"
This exception suggests that you are trying to call SDK initialization/build method without having your clientID mentioned in your manifest as meta-data.
"OAuth scopes cannot be null or empty"
This exception suggests that you are trying to call SDK method - getAuthorisationCode before setting up the OAuth scopes.
"OAuth state cannot be null or empty"
This exception suggests that you are trying to call SDK method - getAuthorisationCode before setting up the OAuth state.
“Code challenge cannot be null or empty”
This exception suggests that you are trying to call SDK method - getAuthorisationCode before setting up the Code challenge.
To complete the verification you need to create a TrueProfile instance by passing the user's first and last name as defined above.
Please note that the first name and last name values to be passed in the above method call need to follow below mentioned rules :
The strings need to contains at least 1 alphabet, and cannot be completely comprised of numbers or special characters.
String length should be less than 128 characters.
First name is a mandatory field, last name can be empty ( but non nullable ).
Once you receive a callback in your VerificationCallback instance with the callbackType TYPE_MISSED_CALL_RECEIVED or TYPE_IM_OTP_RECEIVED , you can complete the verification process by calling the following method from within your activity :
Please note that Truecaller SDK 3.1.0 is not by default enabled for the IM OTP flow. This new update is currently under early access. In case you want to enable it for your app, please drop in a request at developersupport@truecaller.com
"Something went wrong" | 0 |
"Device is not supported" | 16 |
"Truecaller user has an invalid account state" | 10 |
"Invalid partner or partner information is missing" | 12 |
"Conflicting request code possible in onActivityResult()" | 6 |
"Truecaller app closed unexpectedly" | 7 |
"Truecaller app is not installed/loggedin" | 5 |
"User denied by pressing the footer button" | 11 |
"User denied by dismissing consent screen" | 14 |
"User denied while loading" | 2 |
"Truecaller sdk is old and not compatible" | 6 |
You can trigger the Truecaller profile verification dialog anywhere in your app flow by calling the following method
In case isOAuthFlowUsable() method returns false, implying that Truecaller app is not present on the device, you can take the user to your app screen and continue with the verification flow for non-Truecaller users.
Ensure that your Minimum SDK version is at least API level 24 or above. In case your android project compiles for API level below 24, you can include the following line in your AndroidManifest.xml file to avoid any compilation issues :
<uses-sdk tools:overrideLibrary="com.truecaller.android.sdk"/>
Using this would ensure that the SDK works normally for API level 24 & above, and would be disabled for API level < 24. Note: Please make sure that you put the necessary API level checks before accessing the SDK methods in case of compiling for API level < 24
2.1) Add the Truecaller SDK which contains OAuth functionality to your app-level build.gradle file
dependencies {
...
implementation "com.truecaller.android.sdk:truecaller-sdk:3.0.0"
}
2.2) Also, add the following lines of code in your gradle file, if not already present
android{
compileOptions{
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
}
Add mavenCentral() in your project level build.gradle file :
allprojects{
repositories{
...
mavenCentral()
...
}
Also check your AGP and distribution URL version AGP : 7.4.2 (minimum) distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip (minimum).
Configure Client ID :
a.) Open your strings.xml file. Example path: /app/src/main/res/values/strings.xml and add a new string with the name "clientID" and value as your "clientID"
b.) Open your AndroidManifest.xml and add a meta-data element to the application element
<application android:label="@string/app_name" ...>
...
<meta-data android:name="com.truecaller.android.sdk.ClientId" android:value="@string/clientID"/>
...
This section defines the steps that can be used to trigger verification of non Truecaller app users which will be powered via Truecaller's drop call based verification flow
In order to verify both the Truecaller users (via OAuth Flow) and the non-Truecaller users (via manual verification), follow these steps :
Enable the Non Truecaller user verification capability for your app, by going to your project on the Truecaller developer portal and navigating to the bottom section.
Configure sdkOptions in the TcSdkOptions Builder and supply a value of TcSdkOptions.OPTION_VERIFY_ALL_USERS to it like below.
Configure permissions required by the SDK :
Once you receive a callback in the TcOAuthCallback#onVerificationRequired(), you can initiate the verification for the user by calling the following method:
Here -
the first parameter is the country code of the mobile number for which the verification needs to be triggered
the second parameter (PHONE_NUMBER_STRING) is the mobile number to be verified. Please ensure proper validations are in place so as to send correct phone number string to the above method, otherwise an exception would be thrown
the third parameter is an instance of VerificationCallback as defined here
the fourth parameter is an instance of FragmentActivity
Please note that Truecaller OAuth SDK v3.0.0 currently supports the verification for non-Truecaller users for Indian numbers only
Once you initiate the verification via TcSdk.getInstance().requestVerification() method, you will receive either a callback in your VerificationCallback instance with a specific requestType as described below
onRequestSuccess() method is called under any of the following scenarios -
When the OTP via Truecaller IM is successfully initiated for the input mobile number. In this case, you will get the callbackType as VerificationCallback.TYPE_IM_OTP_INITIATED
When the OTP via Truecaller IM is successfully detected on that device by the SDK present in your app. In this case, you will get the callbackType as VerificationCallback.TYPE_IM_OTP_RECEIVED
When drop call is successfully initiated for the input mobile number. In this case, you will get the callbackType as VerificationCallback.TYPE_MISSED_CALL_INITIATED
When drop call is successfully detected on that device by the SDK present in your app. In this case, you will get the callbackType as VerificationCallback.TYPE_MISSED_CALL_RECEIVED
When the verification is successful for a particular number. In this case, you will get the callbackType as VerificationCallback.TYPE_VERIFICATION_COMPLETE
When the user is already verified on that particular device before. In this case, you will get the callbackType as VerificationCallback.TYPE_PROFILE_VERIFIED_BEFORE
When callbackType is VerificationCallback.TYPE_MISSED_CALL_INITIATED, you will receive an additional parameter for the time to live i.e TTL (in seconds) which is passed as String extra in the VerificationDataBundle of onRequestSuccess().
This value determines amount of time left to complete the verification. You can use this value to show a waiting message to your user before they can try for another attempt.
Once the TTL expires, you can either auto-retry the verification by calling the requestVerification() method automatically with the same input parameters OR you can also take the user back to the number input screen to enter a different number for verification.
When the callbackType is VerificationCallback.TYPE_ALREADY_VERIFIED_BEFORE or VerificationCallback.TYPE_VERIFICATION_COMPLETE, it means that the user verification via Truecaller SDK is complete. In these cases, the SDK will share an additional access token with your application, which you may then use to validate the response at your server end. To fetch the access token, you may use the following code snippet :
Post fetching the access token, you may perform the server side validation by referring to the steps mentioned in the later part of the documentation here
onRequestFailure() method will be called when some error has occurred while verifying the provided mobile number. You will receive the appropriate error message from TrueException using TrueException#getExceptionMessage().For details of different possible error types you may encounter, please refer to the TrueException
Make a network call to fetch the userInfo using access token from step 14. The response would be corresponding to the scopes granted by the user.
GET https://oauth-account-noneu.truecaller.com/v1/userinfo
Headers
| Name | Type | Description |
|---|---|---|
200: OK
{
“sub”: “13627101294235520", “given_name”: “xyz”, “family_name”: “xyz”, “phone_number”: “91xxxxxxxxxx", “email”: “pqr@gmail.com”, “picture”: “https://www.truecaller.com/xyz”, “gender”: “male/female”, “phone_number_country_code”: “IN”, “phone_number_verified”: true, ˇ“address”: { “locality”: “Bangalore”, “postal_code”: “5xxxxx" } }
401: Unauthorized If authentication type is not bearer token
404: Not Found Profile information is not present for the user
500: Internal Server Error Failed to validate token due to server error
401: Unauthorized Token in invalid/ expired
422: Unprocessable Entity openid scope missing in initial request
500: Internal Server Error Unexpected error at server side
Sample cURL request :
Handling error responses for cases of verifying non-Truecaller users
| Error Code | Error Message | Description |
|---|---|---|
Once the SDK shares the accessToken for any user verified via drop call based verification flow, you can verify the authenticity of the access token by making API call from your server to Truecaller's server. The following endpoint will return phone number and country code for the given access token.
API Endpoint:
REQUEST :
Method : GET
Header Parameters:
Request Path Parameters:
RESPONSE:
200 OK - If access token is valid
404 Not Found - If your credentials are not valid
404 Not Found - If access token is invalid
500 Internal Error - for any other internal error
Authorization*
"Bearer <ACCESS_TOKEN>"
Insert access token from the previous step - fetching user token
4
"Desired permissions are missing"
When the requisite permissions are missing or not granted while making the verification request
6
“Sim state is not ready”
When the SIM state on the device is not ready
7
“Airplane mode is ON”
When the device is on airplane mode, hence causing missed call to not go through
2
"Phone number limit reached”
When the used mobile number has exceeded the maximum number of allowed verification attempts within a span of 24 hours from the time the first verification attempt was made
2
“Request id limit reached”
When the used device exceeds the maximum number of allowed verification attempts in a span of 24h
2
“Invalid partner credentials.
When the partner key ( app key ) you have configured in your project is incorrect. Visit here for more info
2
“Something went wrong: Failed to create installation.”
In case of Truecaller internal service error
2
“Invalid phone number”
When the input mobile number is not a valid mobile number
2
“Profile has not been created yet”
When the user has been successfully verified, but for some reason their profile is not created which could be due to incorrect profile data while creating TrueProfile() in verifyMissedCall method or due to network issues
5
“Invalid Name”
When the string entered in the profile builder method doesn’t follow the validation checks :
{
min 1 char, max 128, at least 1 alphabet required with optional numeric and special chars,
cannot be all numeric or all special characters, but can be all alphabets
}
Refer here for more info
Parameter Name | Required | Description | Example |
clientId | yes | Client ID | zHTqS70ca9d3e016946f19a65b01dRR5e56460 |
Parameter Name | Required | Description | Example |
accessToken | yes | token granted for the partner for the respective user number that initiated login | "71d8367e-39f7-4de5-a3a3-2066431b9ca8" |
Using the “state” from step 10, “code verifier” from step 12, and the “authorization code” from step 9, you need to make a network call to Truecaller’s backend so as to fetch the access token :
POST https://oauth-account-noneu.truecaller.com/v1/token
Headers
| Name | Type | Description |
|---|---|---|
Request Body
| Name | Type | Description |
|---|---|---|
200: OK Success
{ "access_token": "some-access-token", "expires_in": 3600, "token_type": "Bearer" }
400: Bad Request - If grant type is not supported 403: Forbidden - If client id is invalid 500: Internal Server Error - Unexpected error on the server side 400: Bad Request - Some of the parameters are empty in the request 403: Forbidden Valid grant type but not allowed for the client 403: Forbidden Invalid auth code provided 403: Forbidden Invalid/expired auth code in provided 403: Forbidden Invalid/expired code verifier is provided 429: Too Many Requests If the number of requests exceeds the allowed limit 503: Service Unavailable Resource unavailable due to server-side issue
Sample cURL request :
Content-Type*
application/x-www-form-urlencoded
String
grant_type
"authorization_code"
// hardcoded value
String
client_id
<YOUR_CLIENT_ID>
code
<USER_AUTHORISATION_CODE>
Authorisation code from TcOAuthData callback from step 9
code_verifier
<YOUR_CODE_VERIFIER>
From step 12
