Certificate Pinning Support Removal

Certificate Pinning is no longer supported. Please follow the steps below to disable pinning in your integration.

Note: Steps only required if interacting with SensibillSDK - can be identified by whether or not you have a SensibillSDK.start call in your code. Nothing is required if you’re only using the Standalone Capture module.

To disable certificate pinning in Spend Manager SDK, follow these steps:

  1. (Required Step) Add the following line before SensibillSDK.start call: SDKConfiguration.shared.certificatePinningEnabled = false
    • Note: this line can be added along with other SDKConfiguration changes, as long as it’s executed prior to SensibillSDK.start
  2. (Optional Steps) Perform the following steps to completely remove pinning artifacts from your app:
    1. Locate the Sensibill.plist in the main or external bundle you configured.
    2. Remove the names of the certificate files from the CERTIFICATE_PINNING_FILES key. Do not remove the key itself, leave it as an empty array.
    3. Locate and delete the COMODO.cer and GLOBALSIGN.cer files from your app.
  3. (Optional Verification) Run your app. Check the debug log in Xcode to ensure no errors related to pinning was encountered: If you observe an error “Certificate pinning is enabled, but no certificate names provided in Sensibill configuration file”, you forgot to set the SDKConfiguration.shared.certificatePinningEnabled flag to false.

Relevant documentation links:

In order to disable certificate pinning in the Sensibill Android SDK, follow these steps:

  1. (Find the right file)- Navigate to the file in which you initialize and start the SensibillSDK
  2. (Find the relevant section of code)- Find the block of code where you create an InitializationBuilder (eg. val initializationBuilder = InitializationBuilder(applicationContext, sensibillEnv, tokenProvider) from the “Get Started” section of our documentation )
  3. (Disable certificate pinning)- Add the following configuration to the initialization builder before using it in the SensibillSDK.initialize() call: initializationBuilder.certificatePinning(false)

Relevant documentation links: