# Table of Contents - [1. Introduction | Bayun AWSS3 Wrapper JavaScript Programming Guide](#1-introduction-bayun-awss3-wrapper-javascript-programming-guide) - [1. Introduction | BayunCoreSDK Android Programming Guide](#1-introduction-bayuncoresdk-android-programming-guide) - [3. Getting Started | BayunCoreSDK Android Programming Guide](#3-getting-started-bayuncoresdk-android-programming-guide) - [4. Integrate Bayun SDK | BayunCoreSDK Android Programming Guide](#4-integrate-bayun-sdk-bayuncoresdk-android-programming-guide) - [2. Quick Start Guide for Beginners | BayunCoreSDK Android Programming Guide](#2-quick-start-guide-for-beginners-bayuncoresdk-android-programming-guide) - [5. Authentication | BayunCoreSDK Android Programming Guide](#5-authentication-bayuncoresdk-android-programming-guide) - [5.1 Register with Password | BayunCoreSDK Android Programming Guide](#5-1-register-with-password-bayuncoresdk-android-programming-guide) - [5.5 Logout | BayunCoreSDK Android Programming Guide](#5-5-logout-bayuncoresdk-android-programming-guide) - [5.4 Login without Password | BayunCoreSDK Android Programming Guide](#5-4-login-without-password-bayuncoresdk-android-programming-guide) - [5.3 Login with Password | BayunCoreSDK Android Programming Guide](#5-3-login-with-password-bayuncoresdk-android-programming-guide) - [5.6 Change Password | BayunCoreSDK Android Programming Guide](#5-6-change-password-bayuncoresdk-android-programming-guide) - [5.2 Register without Password | BayunCoreSDK Android Programming Guide](#5-2-register-without-password-bayuncoresdk-android-programming-guide) - [6.4 Get Locking Key | BayunCoreSDK Android Programming Guide](#6-4-get-locking-key-bayuncoresdk-android-programming-guide) - [6. BayunCoreSDK Operations | BayunCoreSDK Android Programming Guide](#6-bayuncoresdk-operations-bayuncoresdk-android-programming-guide) - [6.2 Lock/Unlock Text | BayunCoreSDK Android Programming Guide](#6-2-lock-unlock-text-bayuncoresdk-android-programming-guide) - [6.1 Lock/Unlock File | BayunCoreSDK Android Programming Guide](#6-1-lock-unlock-file-bayuncoresdk-android-programming-guide) - [6.3 Lock/Unlock Data | BayunCoreSDK Android Programming Guide](#6-3-lock-unlock-data-bayuncoresdk-android-programming-guide) - [2. Getting Started | Bayun AWSS3 Wrapper JavaScript Programming Guide](#2-getting-started-bayun-awss3-wrapper-javascript-programming-guide) - [4. Authentication | Bayun AWSS3 Wrapper JavaScript Programming Guide](#4-authentication-bayun-awss3-wrapper-javascript-programming-guide) - [9. BayunRC | BayunCoreSDK Android Programming Guide](#9-bayunrc-bayuncoresdk-android-programming-guide) - [5. Store And Retrieve Files securely from Amazon S3 | Bayun AWSS3 Wrapper JavaScript Programming Guide](#5-store-and-retrieve-files-securely-from-amazon-s3-bayun-awss3-wrapper-javascript-programming-guide) - [4.2 Authentication Using AWS Cognito Service Wrapper | Bayun AWSS3 Wrapper JavaScript Programming Guide](#4-2-authentication-using-aws-cognito-service-wrapper-bayun-awss3-wrapper-javascript-programming-guide) - [5.2 Transferring files using SecureS3 | Bayun AWSS3 Wrapper JavaScript Programming Guide](#5-2-transferring-files-using-secures3-bayun-awss3-wrapper-javascript-programming-guide) - [7.1 Create Group | BayunCoreSDK Android Programming Guide](#7-1-create-group-bayuncoresdk-android-programming-guide) - [7.3 Get Unjoined Public Groups | BayunCoreSDK Android Programming Guide](#7-3-get-unjoined-public-groups-bayuncoresdk-android-programming-guide) - [7.4 Join Public Group | BayunCoreSDK Android Programming Guide](#7-4-join-public-group-bayuncoresdk-android-programming-guide) - [7.2 Get My Groups | BayunCoreSDK Android Programming Guide](#7-2-get-my-groups-bayuncoresdk-android-programming-guide) - [7.8 Remove Group Member | BayunCoreSDK Android Programming Guide](#7-8-remove-group-member-bayuncoresdk-android-programming-guide) - [6. BayunS3 | Bayun AWSS3 Wrapper JavaScript Programming Guide](#6-bayuns3-bayun-awss3-wrapper-javascript-programming-guide) - [7. Groups | BayunCoreSDK Android Programming Guide](#7-groups-bayuncoresdk-android-programming-guide) - [7.5 Get Group By Id | BayunCoreSDK Android Programming Guide](#7-5-get-group-by-id-bayuncoresdk-android-programming-guide) - [5.1 Transferring files using standard AWSS3 SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide](#5-1-transferring-files-using-standard-awss3-sdk-bayun-awss3-wrapper-javascript-programming-guide) - [7.6 Add Group Member | BayunCoreSDK Android Programming Guide](#7-6-add-group-member-bayuncoresdk-android-programming-guide) - [4.2.2 Using user pools with Bayun AWSS3 wrapper 'SecureAuthentication' | Bayun AWSS3 Wrapper JavaScript Programming Guide](#4-2-2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication-bayun-awss3-wrapper-javascript-programming-guide) - [8. Bayun Errors | BayunCoreSDK Android Programming Guide](#8-bayun-errors-bayuncoresdk-android-programming-guide) - [4.1 Authentication using Bayun APIs | Bayun AWSS3 Wrapper JavaScript Programming Guide](#4-1-authentication-using-bayun-apis-bayun-awss3-wrapper-javascript-programming-guide) - [3. Integrate Bayun SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide](#3-integrate-bayun-sdk-bayun-awss3-wrapper-javascript-programming-guide) - [7.7 Add Group Members | BayunCoreSDK Android Programming Guide](#7-7-add-group-members-bayuncoresdk-android-programming-guide) - [7.9 Remove Group Members | BayunCoreSDK Android Programming Guide](#7-9-remove-group-members-bayuncoresdk-android-programming-guide) - [4.2.1 Using user pools with AWS JavaScript SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide](#4-2-1-using-user-pools-with-aws-javascript-sdk-bayun-awss3-wrapper-javascript-programming-guide) - [7.11 Leave Group | BayunCoreSDK Android Programming Guide](#7-11-leave-group-bayuncoresdk-android-programming-guide) - [7.12 Delete Group | BayunCoreSDK Android Programming Guide](#7-12-delete-group-bayuncoresdk-android-programming-guide) - [7.10 Remove Group Members Except List | BayunCoreSDK Android Programming Guide](#7-10-remove-group-members-except-list-bayuncoresdk-android-programming-guide) - [5. Authentication | BayunCoreSDK JavaScript Programming Guide](#5-authentication-bayuncoresdk-javascript-programming-guide) - [1. Introduction | BayunCoreSDK JavaScript Programming Guide](#1-introduction-bayuncoresdk-javascript-programming-guide) - [2. Quick Start Guide for Beginners | BayunCoreSDK JavaScript Programming Guide](#2-quick-start-guide-for-beginners-bayuncoresdk-javascript-programming-guide) - [3. Getting Started | BayunCoreSDK JavaScript Programming Guide](#3-getting-started-bayuncoresdk-javascript-programming-guide) - [4. Integrate Bayun SDK | BayunCoreSDK JavaScript Programming Guide](#4-integrate-bayun-sdk-bayuncoresdk-javascript-programming-guide) - [5.1 Register with Password | BayunCoreSDK JavaScript Programming Guide](#5-1-register-with-password-bayuncoresdk-javascript-programming-guide) - [5.5 Logout | BayunCoreSDK JavaScript Programming Guide](#5-5-logout-bayuncoresdk-javascript-programming-guide) - [5.2 Register without Password | BayunCoreSDK JavaScript Programming Guide](#5-2-register-without-password-bayuncoresdk-javascript-programming-guide) - [5.6 Change Password | BayunCoreSDK JavaScript Programming Guide](#5-6-change-password-bayuncoresdk-javascript-programming-guide) - [8. Bayun Errors | BayunCoreSDK JavaScript Programming Guide](#8-bayun-errors-bayuncoresdk-javascript-programming-guide) - [5.4 Login without Password | BayunCoreSDK JavaScript Programming Guide](#5-4-login-without-password-bayuncoresdk-javascript-programming-guide) - [5.3 Login with Password | BayunCoreSDK JavaScript Programming Guide](#5-3-login-with-password-bayuncoresdk-javascript-programming-guide) - [6. BayunCoreSDK Operations | BayunCoreSDK JavaScript Programming Guide](#6-bayuncoresdk-operations-bayuncoresdk-javascript-programming-guide) - [7. Groups | BayunCoreSDK JavaScript Programming Guide](#7-groups-bayuncoresdk-javascript-programming-guide) - [7.2 Get My Groups | BayunCoreSDK JavaScript Programming Guide](#7-2-get-my-groups-bayuncoresdk-javascript-programming-guide) - [7.4 Join Public Group | BayunCoreSDK JavaScript Programming Guide](#7-4-join-public-group-bayuncoresdk-javascript-programming-guide) - [6.3 Lock/Unlock Binary Data | BayunCoreSDK JavaScript Programming Guide](#6-3-lock-unlock-binary-data-bayuncoresdk-javascript-programming-guide) - [6.1 Lock/Unlock Text | BayunCoreSDK JavaScript Programming Guide](#6-1-lock-unlock-text-bayuncoresdk-javascript-programming-guide) - [7.7 Add Group Members | BayunCoreSDK JavaScript Programming Guide](#7-7-add-group-members-bayuncoresdk-javascript-programming-guide) - [7.3 Get Unjoined Public Groups | BayunCoreSDK JavaScript Programming Guide](#7-3-get-unjoined-public-groups-bayuncoresdk-javascript-programming-guide) - [7.11 Leave Group | BayunCoreSDK JavaScript Programming Guide](#7-11-leave-group-bayuncoresdk-javascript-programming-guide) - [7.10 Remove Group Members Except List | BayunCoreSDK JavaScript Programming Guide](#7-10-remove-group-members-except-list-bayuncoresdk-javascript-programming-guide) - [7.1 Create Group | BayunCoreSDK JavaScript Programming Guide](#7-1-create-group-bayuncoresdk-javascript-programming-guide) - [7.12 Delete Group | BayunCoreSDK JavaScript Programming Guide](#7-12-delete-group-bayuncoresdk-javascript-programming-guide) - [6.4 Get Locking Key | BayunCoreSDK JavaScript Programming Guide](#6-4-get-locking-key-bayuncoresdk-javascript-programming-guide) - [7.9 Remove Group Members | BayunCoreSDK JavaScript Programming Guide](#7-9-remove-group-members-bayuncoresdk-javascript-programming-guide) - [7.5 Get Group By Id | BayunCoreSDK JavaScript Programming Guide](#7-5-get-group-by-id-bayuncoresdk-javascript-programming-guide) - [7.6 Add Group Member | BayunCoreSDK JavaScript Programming Guide](#7-6-add-group-member-bayuncoresdk-javascript-programming-guide) - [6.2 Lock/Unlock File Text | BayunCoreSDK JavaScript Programming Guide](#6-2-lock-unlock-file-text-bayuncoresdk-javascript-programming-guide) - [7.8 Remove Group Member | BayunCoreSDK JavaScript Programming Guide](#7-8-remove-group-member-bayuncoresdk-javascript-programming-guide) --- # 1. Introduction | Bayun AWSS3 Wrapper JavaScript Programming Guide As the name suggests, it provides a wrapper on top of AWSS3 original SDK, to make life easy for developers storing any part of their application data on S3. It internally relies on BayunCoreSDK to do the actual locking or unlocking of objects, before uploading them to an S3 bucket, or after downloading them from a bucket respectively. The developer uses exactly similar API as provided by the original AWSS3 SDK, and the underlying calls take care of all encryption/decryption and key-management transparently, while keeping the user or enterprise IT in full control. The developer herself doesn't need to worry about any key-management, or even having any access to any customer data or encryption keys. [Next2\. Getting Started](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/2.-getting-started) Last updated 2 years ago --- # 1. Introduction | BayunCoreSDK Android Programming Guide BayunCoreSDK provides a simple to use framework for locking/unlocking of different data-types, including files, text, and binary data - for employees of a company, and/or general users, e.g. customers, contractors, or partners. Developers can integrate this framework into any application to start protecting the application data. This core SDK forms the basis for all security and control functionality provided by Bayun. In this guide you will find code and examples written in **Java** and **Kotlin** for every task you'll need to implement to create an application using Bayun. You should be able to use the code provided as it is into your own apps with minimal changes. [Next2\. Quick Start Guide for Beginners](https://bayun.gitbook.io/bayuncoresdk-android/2.-quick-start-guide-for-beginners) Last updated 12 months ago Was this helpful? --- # 3. Getting Started | BayunCoreSDK Android Programming Guide You’ll need the following development tools to develop an application using Bayun SDK: * Java Development Kit (JDK) version 8. * Android SDK version 5.0 (Lollipop, API version 21) or later, depending on your app’s requirements. * Gradle 2.4 or later. You can download gradle from gradle.org. * IntelliJ version 14 or later or Android Studio. * An Android device running Android 5.0 (Lollipop) or later. [](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started#id-3.1-getting-the-bayun-sdk) 3.1 Getting the Bayun SDK ------------------------------------------------------------------------------------------------------------------------------- Downloaded the Bayun SDK from [Github](https://github.com/bayunsystems/BayunSDK) . Demo applications can be found in [BayunSDK/Android/TestApps](https://github.com/bayunsystems/BayunSDK/tree/master/Android/TestApps) . The demo applications use the `Bayun.aar` to showcase common usage. [](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started#id-3.2-register-as-developer) 3.2 Register as Developer ------------------------------------------------------------------------------------------------------------------------------- Register with [Bayun Developer Program](https://www.digilockbox.com/admin/showRegisterEmail) as developer. Developer account facilitates the registration of applications with Bayun. [](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started#id-3.3-register-a-new-application) 3.3 Register a new Application ----------------------------------------------------------------------------------------------------------------------------------------- To create an application on [Bayun Console](https://www.digilockbox.com/admin/developer/showCreateApplication) , you need to provide your Application name. Click on the "Create New Application" after providing your application name. The app name that you provide should preferably be the same name as the one used for the app on Play Store. Click on the "Create New Application" after providing your application name. ![](https://bayun.gitbook.io/bayuncoresdk-android/~gitbook/image?url=https%3A%2F%2F494789150-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-M6nZ8-2IWDhoAVgYFiw%252Fuploads%252FbSTdgXGW2HNkZpysa74u%252FCreateApp.png%3Falt%3Dmedia%26token%3Dd08aa27f-5e5b-4c15-b015-c4549e456897&width=768&dpr=4&quality=100&sign=6007a62c&sv=2) Create New Application We provide you with an **Application Id, Application Salt, Application Secret** and **Base URL** when your app is registered with Bayun. The Application Id, Application Salt, Application Secret and Base URL will be needed along with the other information when you login with Bayun's `Lockbox Management Server` to use Bayun features. These should be kept secure. You MUST register every new app with Bayun, and use a different Application Id and Application Secret for every app. Otherwise the data security of your apps will potentially be compromised, and the admin-panel functionality of different apps (used as a dashboard by enterprise admins for control and visibility) is also likely to get mixed-up. An `Application Id` uniquely identifies your app with Bayun across all platforms. ![](https://bayun.gitbook.io/bayuncoresdk-android/~gitbook/image?url=https%3A%2F%2F494789150-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-M6nZ8-2IWDhoAVgYFiw%252Fuploads%252FdoLDppHZ30tzlGrwb3xb%252FApplicationsList.png%3Falt%3Dmedia%26token%3D4df18164-4b5a-4bd3-b232-3b872e7c6a96&width=768&dpr=4&quality=100&sign=8dc8e4cc&sv=2) The `Application Secret` can have different Roles. Role defines the privileges an app will have when using a particular secret. Following are the Application Secret roles: **ACCESS**: Secret with this role is required by an application to connect to Bayun's Server for logging-in a user, and access user’s lockbox. The app needs to provide secret with this role to the Bayun SDK for being able to make any calls on behalf of the logged-in user. So it must be there for any app that users interact with (e.g. web app, or mobile app). It works only for an existing user registered on Bayun server, and does not allow creation of a new user or new company. It is recommended that it be used as the only role granted to secret of a client side app that does not require onboarding new users. **CREATION:** Secret with this role is required by an application to create new users and new companies on Bayun's server. The application needs to provide secret with this role to the Bayun SDK for being able to make any call that requires creation of new users (e.g. while using autoCreateEmployee in `loginEmployeeWithPassword` call for a user trying to log-in for the first time, or explicitly on-boarding a new user via register call who may or may not be trying to log-in). Since an app with this role is allowed to create new user identities, the key-pairs (privateKey and publicKey) for new users are generated under control of such an app. It can be used on either the client-side or server side application built by the developer. If used on the client-side (e.g. in a mobile-app), it is strongly recommended that the same secret not have the AUTHORIZATION role as well, and authorization for the user being on-boarded is done separately (preferably on the server side). This is to ensure that a rogue app can’t create spurious users using a stolen secret. **AUTHORIZATION:** Secret with this role is required by an application to authorize on-boarding of new users and new companies on Bayun's server. The application needs to provide a secret with this role to the Bayun SDK for being able to make any call that requires authorization of new users being created (e.g. while using autoCreateEmployee in `loginEmployeeWithPassword` call itself, or explicitly calling authorizeEmployee). Before authorizing a new user account for onboarding, the app must validate that the same user is first authenticated using its own mechanism, and indeed authorized to create an account on Bayun server. It is recommended that this be used on the server side application built by the developer. If used on the client-side (e.g. in a mobile-app) for testing/trial purposes, it is strongly recommended that this secret is kept secure inside the app, and not hard-coded in the app's code. Its best if it is fetched by the app from developer's server only after authenticating the user. If the app does not need to create new users (e.g. operating with existing users only, while new users are created elsewhere), then the app-secret for that app only needs the `ACCESS` role. If the application needs to allow creation of new users as well, besides allowing existing users to login, the recommended best practice is to create one secret with roles `ACCESS` and `CREATION` for use by this app on the client side. And a separate server-side app should then authorize creation of new users using an app-secret with the role `AUTHORIZATION`. This way the user key-pair is created on the client side with the server itself never getting access to the private key of the user even temporarily, and yet the server gets to ensure that the new user is indeed authorized to be created by the app to prevent a rogue app with stolen app secret from creating fake users. ![](https://bayun.gitbook.io/bayuncoresdk-android/~gitbook/image?url=https%3A%2F%2F494789150-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-M6nZ8-2IWDhoAVgYFiw%252Fuploads%252FviahyeWF9JiYqhizyFeq%252FAppSecrets.png%3Falt%3Dmedia%26token%3D31458061-8a43-46fa-8966-68d6f431d4fa&width=768&dpr=4&quality=100&sign=8045b025&sv=2) Application Secrets If you are a beginner, it is recommended that you create one Application Secret with all the 3 roles enabled for getting started quickly. You can use this single application secret for all operations while testing the app. But do refine it with multiple app-secrets appropriately, for better security, before deploying the app to production. ![](https://bayun.gitbook.io/bayuncoresdk-android/~gitbook/image?url=https%3A%2F%2F494789150-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-M6nZ8-2IWDhoAVgYFiw%252Fuploads%252FYnSaN1TWhrbeohVy2qtU%252Fsecrets.png%3Falt%3Dmedia%26token%3D3cbbfd63-468d-47d0-998b-71a1d92ef7f2&width=768&dpr=4&quality=100&sign=a68d3007&sv=2) ![](https://bayun.gitbook.io/bayuncoresdk-android/~gitbook/image?url=https%3A%2F%2F494789150-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-M6nZ8-2IWDhoAVgYFiw%252Fuploads%252FXRLnCxmkJNhlENWnCS7o%252Fimage.png%3Falt%3Dmedia%26token%3D063f8999-c946-4957-b560-1981d893cd9a&width=768&dpr=4&quality=100&sign=dd57c6bd&sv=2) You can also edit the app Name in Bayun Console. [Previous2\. Quick Start Guide for Beginners](https://bayun.gitbook.io/bayuncoresdk-android/2.-quick-start-guide-for-beginners) [Next4\. Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-android/3-installing-the-bayun-sdk) Last updated 12 months ago Was this helpful? --- # 4. Integrate Bayun SDK | BayunCoreSDK Android Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-android/3-installing-the-bayun-sdk#id-4.1-bayun-sdk-integration-in-the-project) 4.1 Bayun SDK integration in the Project * Create a folder named `Bayun` in your project and add the `Bayun.aar` file. Copy dependencies { implementation files('') //implementation files('../Bayun/Bayun.aar') } * The Bayun SDK requires some dependencies that couldn't be included in the archive itself. For the SDK to work, these dependencies must be added by the app implementing the Bayun SDK. In the "build.gradle" file of the "app" module of your application, add the following code. Copy dependencies { .... implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.1' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.1' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: '2.10.1' implementation 'com.github.tony19:logback-android:2.0.0' implementation 'androidx.biometric:biometric:1.0.1' implementation 'com.google.code.gson:gson:2.8.6' implementation 'com.squareup.retrofit2:retrofit:2.9.0' implementation 'com.squareup.okhttp3:okhttp:4.9.3' implementation 'org.slf4j:slf4j-api:1.7.30' implementation 'com.yakivmospan:scytale:1.0.1' } * If your application uses Java and not Kotlin, you might need to also add another dependency that will form a bridge between the Kotlin dependencies of the SDK and your Java code. Copy dependencies { .... implementation "org.jetbrains.kotlin:kotlin-stdlib:1.3.61" } * If your application uses Java and Kotlin, you might need to also add `:Bayun` in `setting.gradle` file Copy include ':app', ':Bayun' ### [](https://bayun.gitbook.io/bayuncoresdk-android/3-installing-the-bayun-sdk#id-4.2-androidmanifest.xml) 4.2 AndroidManifest.xml * The Bayun Android SDK requires some permissions and references from your app’s AndroidManifest.xml file. These permissions allow the SDK to monitor network state. Copy * The Bayun Android SDK contains a service and an activity that must be declared in your app's AndroidManifest.xml file under `` section, for it to work. Copy [Previous3\. Getting Started](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started) [Next5\. Authentication](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication) Last updated 1 year ago Was this helpful? --- # 2. Quick Start Guide for Beginners | BayunCoreSDK Android Programming Guide For beginners, the quickest way to experience the magic of BayunCoreSDK is to create a simple app by going through the following steps: 1. As first step, get started with the overview video and the demo video available on Bayun’s website: [www.bayunsystems.com](http://www.bayunsystems.com/) 2. Register a developer account with Bayun, and create a new application by following instructions in [Getting Started](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started) section. Make sure to create a new application secret with all the 3 roles enabled, so that the same app-secret can be used everywhere in the app for easy testing. 3. Get the Bayun SDK from [github](https://github.com/bayunsystems/BayunSDK) , and and integrate it into your project/application as per section [Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-android/3-installing-the-bayun-sdk) . Look at the code of [Hello World app](https://github.com/bayunsystems/BayunSDK/tree/master/Android/Quick%20Start/Hello%20World) for simple ways to use different functions of Bayun SDK inside your own app in order to secure user data.. 4. For user login, after going through the instructions in the [Authentication](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication) section, just use the **loginWithPassword** function listed under section [Login With Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password) , and make sure to set **autoCreateEmployee** parameter to True, leaving parameters **securityQuestionsCallback** and **passphraseCallback** to null. This will do away with the need to go through separate user registration flow altogether, as it will create the user account automatically if it doesn't already exist. It will also avoid having to understand the other login flow using **loginWithoutPassword** for now, which is more complicated and can be used later for advanced functionality. Do make sure that the actual passwords you use for creating any accounts are not lost, as there is no way to recover from a lost/forgotten password while using this function for user login! 5. After successful login, you can simply call **lock** and **unlock** methods listed under [BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods) for safe encryption of user data. For Encryption Policy, just use the policy **Employee**. It will ensure that none other than the user can access their data. Actually any policy other than Group policy is fairly simple to use. However use of Group policy requires more advanced functionality with separate Group Management described under the section [Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups) , which can be skipped for now. 6. Optional: Join the [Bayun Developer Community Slack](https://join.slack.com/t/bayundevelope-do87454/shared_invite/zt-1z7x9wqpy-ttZ8rRCD7EzotiTzejke~Q) to get help and support from Bayun’s own team as well as from other developers using Bayun SDK. Once you have a simple test app working, you can explore more advanced functionality by going through the rest of the documentation, and slowly refining the app in different areas. For example you can use the **Group** Encryption policy with an arbitrary group that you can control the membership of (e.g. see the [Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups) section). You can also try using **loginWithoutPassword** function for user login listed in section [Login without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password) (which does require separate user registration as per section [Register without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password) ), as it is designed to be used by humans (with optional Facial Recognition) and is also robust against lost/forgotten passwords, etc. For these advanced functions, you can look at example usage in the other test app(s) included in the github repository, like [BayunS3](https://github.com/bayunsystems/BayunSDK/tree/master/Android/TestApps/BayunS3) . [Previous1\. Introduction](https://bayun.gitbook.io/bayuncoresdk-android) [Next3\. Getting Started](https://bayun.gitbook.io/bayuncoresdk-android/2-getting-started) Last updated 2 years ago Was this helpful? --- # 5. Authentication | BayunCoreSDK Android Programming Guide The Bayun SDK (in conjunction with Lockbox Management Server backend) handles the encryption/decryption keys, and lockboxes, based on the logged-in user, and the tenant/company whose data in the app this user should have access to. So an enterprise application developer should choose the companyName and the companyEmployeeId below, using the same criteria that are used inside the application to distinguish between different companies (sometimes also referred to as tenants in a multi-tenant application), and the employees. For example, for the Gmail app (or any other GSuite App), the login-id of the user is the email address in the form of “username@bayunsystems.com”. Assuming “bayunsystems.com” (the domain-name part of the email address) is registered for a corporate-account with Google, it determines the company/tenant uniquely, and GSuite server will use policies applicable for the company this domain-name maps to. The “username” (or the complete email address “username@bayunsystems.com” itself) is the unique user-id of the user for that specific company, and determines the policies applicable to the logged-in user. So in this case, the developer should use “bayunsystems.com” as companyName for selecting the tenant, and preferably complete email address "username@bayunsystems.com" as companyEmployeeId (even though in some cases just the “username” part might suffice, it's not recommended). Note that some applications allow users with any domain to login to any tenant, even if the domain-name of the user doesn’t match that of the tenant (e.g. accounts for certain contractors of an enterprise using their own email address for login rather than corporate-emails issued to employees of that enterprise). In fact some users could even have access to multiple tenants as well in a multi-tenant application via the same user-account. In such cases, the companyName parameter should always match the domain of the tenant the user is trying to login to, and not the domain of the logging in user's email address. Also, the complete email address of the user needs to be used for companyEmployeeId here, as the domain part of the user could be different from the tenant's own domain. For a consumer application, or consumer use-case in a hybrid application, the developer can use a single companyName for all consumer/individual users. For example, GSuite applications can use “gmail.com” for all users who have consumer email addresses in the form of "username@gmail.com". The same companyName can also be used for other individual accounts using custom domains without the domain being registered for a corporate account on Google (e.g. username@customdomain.com, where customdomain.com is not registered as a corporate account). So the single companyName chosen by the developer here serves as the default tenant for all consumer accounts that don’t belong to a specific enterprise tenant. And the companyEmployeeId should be the complete email of the user (e.g. “username@gmail.com” or “username@customdomain.com”). Since both companyName and companyEmployeeId parameters are arbitrary strings, the developer can also use app's own internal companyId or tenantId for the companyName parameter, and pass app's own internal company-specific employeeId or user’s loginId as the companyEmployeeId parameter for BayunSDK. The only requirement for BayunSDK is that the companyName be unique across all the companies, and that the companyEmployeeId for each employee be unique within a given companyName. However something like this should be done only when the email address of the user or unique loginId is not available. For portability and consistency across multiple types of users, and various different types of use-cases, it is highly recommended for the developer to use the complete email address of user as companyEmployeeId when-ever available, and the domain-name of tenant as companyName, in most cases. [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication#initialize-bayuncore) **Initialize BayunCore** --------------------------------------------------------------------------------------------------------------------- **Import:** import `com.bayun_module.BayunCore` Get `BayunCore` instance with appId, appSecret, appSalt. * **appContext:** Application Context. * **baseURL :** Provided when an app is registered with Bayun. * **bayunServerPublicKey :** Provided when an app is registered with Bayun. * **appId :** Provided when an app is registered with Bayun. * **appSecret :** Provided when an app is registered with Bayun. * **appSalt :** Provided when an app is registered with Bayun. * **verifyDeviceLock :** If device screen lock is active then true otherwise false. Java Kotlin Copy import com.bayun_module.BayunCore Context appContext = getApplicationContext(); String baseURL = ""; //baseURL obtained from developer dashboard String appId = ""; //appId obtained from developer dashboard String appSecret = ""; //appSecret obtained from the developer dashboard String appSalt = ""; //appSalt obtained from developer dashboard String bayunServerPublicKey = ""; //bayunServerPublicKey obtained from developer dashboard boolean verifyDeviceLock = false; public static BayunCore bayunCore = new BayunCore(appContext, baseURL, bayunServerPublicKey, appId, appSecret, appSalt, verifyDeviceLock); Copy import com.bayun_module.BayunCore val appContext = applicationContext val baseURL = "" //baseURL obtained from developer dashboard val appId = "" //appId obtained from developer dashboard val appSecret ="" //appSecret obtained from the developer dashboard val appSalt = "" //appSalt obtained from developer dashboard val bayunServerPublicKey = ""; //bayunServerPublicKey obtained from developer dashboard val verifyDeviceLock = false val bayunCore = BayunCore(appContext, baseURL, bayunServerPublicKey, appId, appSecret, appSalt, verifyDeviceLock) [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication#user-login) User Login --------------------------------------------------------------------------------------------- You first need to authenticate the user with Bayun's `Lockbox Management Server (LMS)` using the login call (or register call for a new user) before you can make use of any other Bayun features in your app. Note that any of the login functions of BayunSDK needs to be called only once for a user on a new device to set up the context for that user in the device's secure enclave. There is no need to call this function every time the user starts the app, unless the user was logged-out by explicitly calling the logout function. You can choose to use Bayun's combined authentication & authorization mechanism as the primary auth for your app's users (e.g. for a brand new app, or for an existing app to replace the current auth) to keep things simple for yourself, and also provide a seamless passwordless auth experience to your users. Or alternatively, you can instead use Bayun's auth mechanism as a supplementary authentication (using additional security mechanisms on top of existing auth), or as a shadow authentication (using the same credentials as your own app), in conjunction with your app's primary authentication mechanism. If using it as supplementary or shadow authentication, make sure Bayun's register or login function is called only if, and after, your own app's authentication succeeds. Bayun relies on your own app's authentication to ensure correct password (in case of registerWithPassword) or email (in case of registerWithoutPassword e.g. with SSO) is used for a given (companyName, companyEmployeeId) combination, and the given user indeed has access to account with a specific companyName & companyEmployeeId at the time a user is registered with Bayun. The user is on-boarded onto the Bayun system after successful registration (which can optionally require explicit approval from an admin of a company or service-provider). Once a user has been on-boarded, the Bayun auth system requires use of the same password as your own app's authentication for all further login attempts if it is being used as shadow authentication (so make sure to call changePassword function appropriately in Bayun-SDK when-ever any user changes their app password for your app). If the Bayun system is being used as the primary or supplementary auth mechanism for the app, there is no need to keep any app-passwords in sync between the app and Bayun. [5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.1-register-with-password) [5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password) [5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password) [5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password) [5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.5-logout) [5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.6-change-password) [Previous4\. Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-android/3-installing-the-bayun-sdk) [Next5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.1-register-with-password) Last updated 12 months ago Was this helpful? --- # 5.1 Register with Password | BayunCoreSDK Android Programming Guide The `registerEmployeeWithPassword` function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, for subsequent authentication requests from this app using the given password, and initializes this employee's access to Bayun. The function takes the following parameters : Let's say an employee has loginId `username@bayunsystems.com`. * **activity** : Activity Context. * **companyName** : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. `bayunsystems.com`. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. `username@customdomain.com` registering on a tenant with domain `bayunsystems.com` as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of “gmail.com”). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `username@bayunsystems.com`. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above. * **password** : Password of the employee. Used to keep employee secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the employee only, or something unique generated from it, for keeping the employee lockboxes protected in such a way that nobody other than the employee has access to it (similar to how iPhone does it with user’s device PIN). * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful employee registration. * **failureCallback** : Failure block to be executed if employee registration fails, returns `BayunError`. First account of the Company registered with Bayun is the **Security Admin** account. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.1-register-with-password#sample-code) Sample Code Java Kotlin Copy String companyName = "bayunsystems.com"; //company portion from loginId String companyEmployeeId = "username"; //username portion from loginId String password = ""; Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of EmployeePublicKey is Pending"); String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Employee Registered Successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Employee registration failed."); return false; } }; bayunCore.registerEmployeeWithPassword(activity, companyName, companyEmployeeId, password, authorizeEmployeeCallback, successCallback, failureCallback) Copy val companyName = "bayunsystems.com" //company portion from loginId val companyEmployeeId = "username" //username portion from loginId val password = "" val authorizeEmployeeCallback = Handler.Callback { message -> Log.d(TAG, "Authorization of EmployeePublicKey is Pending") val employeePublicKey = message.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Employee Registered Successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Employee registration failed."); false } bayunCore.registerEmployeeWithPassword( this, companyName, companyEmployeeId, password, authorizeEmployeeCallback, successCallback, failureCallback) [Previous5\. Authentication](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication) [Next5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password) Last updated 1 year ago Was this helpful? --- # 5.5 Logout | BayunCoreSDK Android Programming Guide To logout user, use `logout` function. This function can be used at the time of logging out of app. Java Kotlin Copy bayunCore.logout(); Copy bayunCore.logout() In order to use Bayun methods after logout, you will need to login the user again. [Previous5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password) [Next5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.6-change-password) Last updated 1 year ago Was this helpful? --- # 5.4 Login without Password | BayunCoreSDK Android Programming Guide The `loginWithoutPassword` function is the instance function that initialises your access to Bayun. The function takes the following parameters : Let's say an employee has loginId `username@bayunsystems.com`. * **activity** : Activity Context. * **companyName** : Unique name of the company/tenant the authenticating employee belongs to, e.g. “`bayunsystems.com”`. This should be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithoutPassword`. Note that in some cases the email domain of the user could be different from the domain of the tenant this user belongs to. In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. "`username@bayunsystems.com`". This should also be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithoutPassword`. Note that while just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers of Security Questions from the User. By default, the SDK uses Dialog to take User’s input for the answers of the Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user answers to the security questions as an input and call `validateSecurityQuestions` API method in the SDK. The Security Questions and QuestionIds are returned in the callback, in the form of `List`. * **passphraseCallback** : Optional block if passphrase is enabled. Most developers can just leave it null for default functionality. It is used for taking user passphrase input when passphrase is explicitly enabled by the user. By default, the SDK uses Dialog to take user input for passphrase if it is enabled for a user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default dialog. If non-null, this block will need to take user passphrase as input and call Bayun `validatePassphrase` API for Passphrase validation. * **successCallback** : Success block to be executed after successful user login. * **failureCallback** : Failure block to be executed if user login fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters : * **answers** : Security questions' answers of type `List`. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user login fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **passphrase** : Passphrase to validate. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. Java Kotlin Copy String companyName = "bayunsystems.com"; //company portion from loginId String companyEmployeeId = "username"; //username portion from loginId Activity activity = this; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Logged in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Login failed with error."); return false; } }; Handler.Callback securityQuestionsCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { Bundle bundle = msg.getData(); //securityQuestionsArray is a list of Security Question Objects with questionId, questionText ArrayList securityQuestionsArray = (ArrayList)msg.getData().getSerializable("securityQuestions"); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. ArrayList answers = new ArrayList<>(); SecurityAnswer securityAnswer1 = new SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer2 = new SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer3 = new SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer4 = new SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer5 = new SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()); answers.add(securityAnswer1); answers.add(securityAnswer2); answers.add(securityAnswer3); answers.add(securityAnswer4); answers.add(securityAnswer5); Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Logged in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "One or more answers are incorrect."); return false; } }; bayunCore.validateSecurityQuestions(answers, null, successCallback, failureCallback); return false; } }; Handler.Callback passphraseCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { //Show custom UI to take user input for the passphrase. String passpharse =""; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Passphrase is validated and Logged in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Passphrase validation failed with error."); return false; } }; //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, null, successCallback, failureCallback); return false; } }; bayunCore.loginWithoutPassword(activity, companyName, companyEmployeeId, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback); Copy val companyName = "bayunsystems.com" //company portion from loginId val companyEmployeeId = "username" //username portion from loginId val securityQuestionsCallback = Handler.Callback { val bundle = it.getData() //securityQuestionsArray is a list of Security Question Objects with questionId, questionText val securityQuestionsArray = bundle.getSerializable("securityQuestions") as ArrayList var answers = ArrayList() val securityAnswer1 = SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()) val securityAnswer2 = SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()) val securityAnswer3 = SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()) val securityAnswer4 = SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()) val securityAnswer5 = SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()) answers.add(securityAnswer1) answers.add(securityAnswer2) answers.add(securityAnswer3) answers.add(securityAnswer4) answers.add(securityAnswer5) val successCallback = Handler.Callback { Log.d(TAG, "Logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "One or more answers are incorrect.") false } bayunCore.validateSecurityQuestions(answers, null, successCallback, failureCallback) false } val passphraseCallback = Handler.Callback { //Show custom UI to take user input for the passphrase. val passpharse ="" val successCallback = Handler.Callback { Log.d(TAG, "Passphrase is validated and Logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Login failed with error.") false } //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, authorizeEmployeeCallback, successCallback, failureCallback) false } val successCallback = Handler.Callback { Log.d(TAG, "Logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Login failed with error.") false } bayunCore.loginWithoutPassword(this, companyName, companyEmployeeId, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback) [Previous5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password) [Next5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.5-logout) Last updated 1 year ago Was this helpful? --- # 5.3 Login with Password | BayunCoreSDK Android Programming Guide The `loginWithPassword` function is the instance function that initialises your access to Bayun. The function takes the following parameters : Let's say an employee has loginId `username@bayunsystems.com`. * **activity** : Activity Context. * **companyName** : Unique name of the company/tenant the authenticating employee belongs to, e.g. `“bayunsystems.com”`. This should be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithPassword`. Note that in some cases the email domain of the user could be different from the domain of the tenant this user belongs to. In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `"username@bayunsystems.com"`. This should also be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithPassword`. Note that while just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency. * **password** : Password of the user. Used to keep user secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the user only, or something unique generated from it, for keeping the user lockboxes protected in such a way that nobody other than the user has access to it (similar to how iPhone does it with user’s device PIN). * **autoCreateEmployee** : Determines whether or not an employee should be created automatically on Bayun’s system if it does not already exist within the given company. If set to true, an attempt is made to authenticate against an existing employee account first, but if there is no such employee within the given company, a new one is created instead with the supplied credentials. This provides an easy integration option for the developer to use a single login call in an existing application for the simpler use-cases, rather than having to integrate separately with more involved registration & authorization flow along-with the separate login flow. Use this feature only when Bayun’s auth mechanism is being used as shadow auth for your app’s own authentication, using the same user password. And make sure the user has already been successfully authenticated to your own app’s authentication mechanism, before calling Bayun’s loginWithPassword function with autoCreateEmployee set to true. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers of Security Questions from the User when extra security with two-factor authorization is enabled. By default, the SDK uses Dialog to take User’s input for the answers of the Security Questions, if two-factor authorization is enabled for the user trying to authenticate. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user answers to the security questions as an input and call `validateSecurityQuestions` API method in the SDK. The callback is triggered when two-factor authorization is enabled for the user authenticating with Bayun. The Security Questions and QuestionIds are returned through data of the callback, in the form of `List` . * **passphraseCallback** : Optional block if passphrase is enabled. Most developers can just leave it null for default functionality. It is used for taking user passphrase input for extra security when passphrase is explicitly enabled by the user. By default, the SDK uses Dialog to take user input for passphrase if it is enabled for a user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default dialog. If non-null, this block will need to take user passphrase as input and call Bayun `validatePassphrase` API for Passphrase validation. * **successCallback** : Success block to be executed after successful employee login. * **failureCallback** : Failure block to be executed if employee login fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters * **answers** : Security questions' answers of type `List`. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user Security Questions' Answers validation fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **passphrase** : Passphrase to validate. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user passphrase validation fails, returns `BayunError`. `BayunCore` class should be inited on server using App Secret which has role `Authorization` to be able to authorize an employee. Java Kotlin Copy String companyName = "bayunsystems.com"; //company portion from loginId String companyEmployeeId = "username"; //username portion from loginId String password = ""; //user input boolean autoCreateEmployee = true; Activity activity = this; Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback securityQuestionsCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { Bundle bundle = msg.getData(); //securityQuestionsArray is a list of Security Question Objects with questionId, questionText ArrayList securityQuestionsArray = (ArrayList)msg.getData().getSerializable("securityQuestions"); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. ArrayList answers = new ArrayList<>(); SecurityAnswer securityAnswer1 = new SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer2 = new SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer3 = new SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer4 = new SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer5 = new SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()); answers.add(securityAnswer1); answers.add(securityAnswer2); answers.add(securityAnswer3); answers.add(securityAnswer4); answers.add(securityAnswer5); Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Loggrd in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "One or more answers are incorrect."); return false; } }; bayunCore.validateSecurityQuestions(answers, authorizeEmployeeCallback, successCallback, failureCallback); return false; } }; Handler.Callback passphraseCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { //Show custom UI to take user input for the passphrase. String passpharse =""; Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Passphrase is validated and Logged in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Passphrase validation failed with error."); return false; } }; //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, authorizeEmployeeCallback, successCallback, failureCallback); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Logged in with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Login failed with error."); return false; } }; bayunCore.loginWithPassword(activity, companyName, companyEmployeeId, password, autoCreateEmployee, authorizeEmployeeCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback); Copy val companyName = "bayunsystems.com" //company portion from loginId val companyEmployeeId = "username" //username portion from loginId val password = "" // user input val autoCreateEmployee = true val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val securityQuestionsCallback = Handler.Callback { val bundle = it.getData(); //securityQuestionsArray is a list of Security Question Objects with questionId, questionText val securityQuestionsArray = bundle.getSerializable("securityQuestions") as ArrayList var answers = ArrayList() val securityAnswer1 = SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()) val securityAnswer2 = SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()) val securityAnswer3 = SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()) val securityAnswer4 = SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()) val securityAnswer5 = SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()) answers.add(securityAnswer1) answers.add(securityAnswer2) answers.add(securityAnswer3) answers.add(securityAnswer4) answers.add(securityAnswer5) val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "One or more answers are incorrect.") false } bayunCore.validateSecurityQuestions(answers, authorizeEmployeeCallback, successCallback, failureCallback) false } val passphraseCallback = Handler.Callback { //Show custom UI to take user input for the passphrase. val passpharse =""; val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Passphrase is validated and logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Login failed with error.") false } //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, authorizeEmployeeCallback, successCallback, failureCallback) false } val successCallback = Handler.Callback { Log.d(TAG, "Logged in with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Login failed with error."); false } bayunCore.loginWithPassword(this, companyName, companyEmployeeId, password, autoCreateEmployee, authorizeEmployeeCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback) [Previous5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password) [Next5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.4-login-without-password) Last updated 1 year ago Was this helpful? --- # 5.6 Change Password | BayunCoreSDK Android Programming Guide To change password for Bayun, use `changePassword` method. The method takes the following parameters : * **currentPassword** : Current Password. * dataType : `String` * **newPassword** : New Password. * dataType : `String` * **successCallback** : SuccessCallback block to be executed after password is successfully changed. * **failureCallback** : FailureCallback block to be executed if change password fails, returns `BayunError`. Java Kotlin Copy String currentPassword = ""; String newPassword = ""; // Callbacks to Change User Password with Bayun. Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Password changed successfully."); } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Change password failed.") return false; } }; bayunCore.changePassword(currentPassword, newPassword, successCallback, failureCallback); Copy val currentPassword = "" val newPassword = "" // Callbacks to Change User Password with Bayun. val successCallback = Handler.Callback { Log.d(TAG, "Password changed successfully.") false } val failureCallback = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Change password failed.") false } bayunCore.changePassword(currentPassword, newPassword, successCallback, failureCallback) [Previous5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.5-logout) [Next6\. BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods) Last updated 1 year ago Was this helpful? --- # 5.2 Register without Password | BayunCoreSDK Android Programming Guide The `registerEmployeeWithoutPassword` function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, and links it to Bayun user account with userId matching the supplied email address (creating one if necessary). All subsequent authentication requests for this employee will require user-credentials matching the supplied security questionsAnswers (or passphrase if set). The function takes the following parameters : Let's say an employee has email as loginId i.e `username@bayunsystems.com`. * **activity** : Activity Context. * **companyName** : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. `bayunsystems.com`. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. `username@customdomain.com` registering on a tenant with domain `bayunsystems.com` as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of `gmail.com`). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `username@bayunsystems.com`. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above. * **email** : Bayun userId for the new user being registered, in the form of User Principal Name (UPN) represented as an email address e.g. `username@bayunsystems.com`. For a consumer use-case, it can be the email address provided by the user themselves, or one provided/generated by the app. If no email address is available, the app can choose to construct a dummy email by concatenating the user's companyName and companyEmployeeId, e.g. companyEmployeeId+"@"+companyName. dummy-email. This email is not needed for subsequent login requests from the registered employee (as combination of companyName and companyEmployeeId uniquely identify the employee), but the credentials associated with the corresponding userId/email (e.g. security answers) will always be used for authorizing this employee from a new device. * **isCompanyOwnedEmail :** Whether the user email is an enterprise email address owned and controlled by the companyName provided above. Relevant only for enterprise apps that typically allow employees of a company to login via SSO (in such cases, the email and companyEmployeeId will be the same as user’s corporate email-address, and the domain-name of these will also match the domain of the tenant provided as companyName). It should otherwise be set to false by default. If it's a company-owned enterprise email address, then we know that the company owns it, and it can be deleted or reclaimed by the company for potential reassignment to another employee as desired. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **newUserCredentialsCallback** : Most developers can just leave it null for default functionality. It is used to set Security Questions & Answers for a new user being created, as well as an optional Passphrase. By default, the SDK uses Dialog to take User’s input to set Security Questions & Answers, Passphrase. Using a non-null callback function here, the developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user input for security questions & answers, passphrase and call `setNewUserCredentials` method in the SDK. The callback is triggered to take these inputs for a new user being registered on Bayun. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers to Security Questions from an existing Bayun User. By default, the SDK uses Dialog to take User’s input for the answers to Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default dialog. If non-null, this block will need to take user answers to the security questions as an input and call `validateSecurityQuestions` API method in the SDK. The Security Questions and QuestionIds are returned through data of the callback, in the form of `List`. * **passphraseCallback** : Optional block that is called only if passphrase is enabled for an existing Bayun User. Most developers can just leave it null for default functionality. By default, the SDK uses Dialog to take user input for passphrase if it is enabled for the user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default dialog. If non-null, this block will need to take user passphrase as input and call Bayun `validatePassphrase` API for Passphrase validation. * **successCallback** : Success block to be executed after successful user registration. * **failureCallback** : Failure block to be executed if user registration fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password#set-new-user-credentials) Set New User Credentials The `setNewUserCredentials` function takes the following parameters : * **securityQuestionsAnswers** : User is required to provide five Security Questions and their Answers. Questions Answers are in the form of `List`. The developer can either offer a list of Security Questions from their own question-bank to make choosing easier for the user, or they can let each user craft their own questions along-with the answers. Bayun just needs any five questions or prompts for the user to provide their respective answers, which will be cryptographically intermingled together into a single complex key to ensure that independent guessing of any specific answer can’t cause any harm. * **passphrase** : Optional Passphrase provided by the User at the time of account creation. The developer can either set it to null by default, in which case the user will need to use Security Answers for login from a new device. Or alternatively the developer can let the user choose whether to set a passphrase or not, and supply the passphrase if chosen. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after security questions and answers are set successfully. * **failureCallback** : Failure block to be executed if security questions and answers could not be set, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters : * **answers** : Security questions' answers of type `List`. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user registration fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **passphrase** : Passphrase to validate. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user registration fails, returns `BayunError`. First account of the Company registered with Bayun is the **Security Admin** account. ### [](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.2-register-without-password#sample-code) Sample Code Java Kotlin Copy String companyName = "bayunsystems.com"; //company portion from loginId String companyEmployeeId = "username"; //username portion from loginId String email = "username@bayunsystems.com"; //loginId boolean isCompanyOwnedEmail = false; Activity activity = this; Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback newUserCredentialsCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { //Take User Input for Security Questions and Answers //Here securityQuestionsAnswers object is created just for reference ArrayList securityQuestionsAnswers = new ArrayList<>(); SecurityQuestionAnswer securityQuestionAnswer1 = new SecurityQuestionAnswer("",""); SecurityQuestionAnswer securityQuestionAnswer2 = new SecurityQuestionAnswer("",""); SecurityQuestionAnswer securityQuestionAnswer3 = new SecurityQuestionAnswer("",""); SecurityQuestionAnswer securityQuestionAnswer4 = new SecurityQuestionAnswer("",""); SecurityQuestionAnswer securityQuestionAnswer5 = new SecurityQuestionAnswer("",""); securityQuestionsAnswers.add(securityQuestionAnswer1); securityQuestionsAnswers.add(securityQuestionAnswer2); securityQuestionsAnswers.add(securityQuestionAnswer3); securityQuestionsAnswers.add(securityQuestionAnswer4); securityQuestionsAnswers.add(securityQuestionAnswer5); String passpharse =""; //User input for optional passphrase Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Registered with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Bayun registration failed."); return false; } }; bayunCore.setNewUserCredentials(securityQuestionsAnswers, passpharse, authorizeEmployeeCallback, successCallback, failureCallback); return false; } }; Handler.Callback securityQuestionsCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { Bundle bundle = msg.getData(); //securityQuestionsArray is a list of Security Question Objects with questionId, questionText ArrayList securityQuestionsArray = (ArrayList)msg.getData().getSerializable("securityQuestions"); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. ArrayList answers = new ArrayList<>(); SecurityAnswer securityAnswer1 = new SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer2 = new SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer3 = new SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer4 = new SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()); SecurityAnswer securityAnswer5 = new SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()); answers.add(securityAnswer1); answers.add(securityAnswer2); answers.add(securityAnswer3); answers.add(securityAnswer4); answers.add(securityAnswer5); Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Registered with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "One or more answers are incorrect."); return false; } }; bayunCore.validateSecurityQuestions(answers, authorizeEmployeeCallback, successCallback, failureCallback); return false; } }; Handler.Callback passphraseCallback = new Handler.Callback() { @Override public boolean handleMessage(@NonNull Message msg) { //Show custom UI to take user input for the passphrase. String passpharse =""; Handler.Callback authorizeEmployeeCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Authorization of employeePublicKey is Pending.") String employeePublicKey = message.getData().getString("employeePublicKey", ""); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Passphrase is validated and registered with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Passphrase validation failed with error."); return false; } }; //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, authorizeEmployeeCallback, successCallback, failureCallback); return false; } }; Handler.Callback successCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Registered with Bayun successfully."); return false; } }; Handler.Callback failureCallback = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Employee registration failed."); return false; } }; bayunCore.registerEmployeeWithoutPassword( activity, companyName, companyEmployeeId, email, isCompanyOwnedEmail, authorizeEmployeeCallback, newUserCredentialsCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback ); Copy val companyName = "bayunsystems.com" //company portion from loginId val companyEmployeeId = "username" //username portion from loginId val email = "username@bayunsystems.com" //loginId val isCompanyOwnedEmail = false val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val newUserCredentialsCallback = Handler.Callback { //Take User Input for Security Questions and Answers //Here securityQuestionsAnswers object is created just for reference var securityQuestionsAnswers = ArrayList() val setQuestionAnswer1 = SetQuestionAnswer("","") val setQuestionAnswer2 = SetQuestionAnswer("","") val setQuestionAnswer3 = SetQuestionAnswer("","") val setQuestionAnswer4 = SetQuestionAnswer("","") val setQuestionAnswer5 = SetQuestionAnswer("","") securityQuestionsAnswers.add(setQuestionAnswer1) securityQuestionsAnswers.add(setQuestionAnswer2) securityQuestionsAnswers.add(setQuestionAnswer3) securityQuestionsAnswers.add(setQuestionAnswer4) securityQuestionsAnswers.add(setQuestionAnswer5) val passpharse ="passpharse" // Take User Input for optional passphrase val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Registered with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Employee registration failed.") false } bayunCore.setNewUserCredentials( securityQuestionsAnswers, passpharse, authorizeEmployeeCallback, successCallback, failureCallback) false } val securityQuestionsCallback = Handler.Callback { val bundle = it.getData() //securityQuestionsArray is a list of Security Question Objects with questionId, questionText val securityQuestionsArray = bundle.getSerializable("securityQuestions") as ArrayList var answers = ArrayList() val securityAnswer1 = SecurityAnswer(securityQuestionsArray.get(0).getQuestionId(),"".toCharArray()) val securityAnswer2 = SecurityAnswer(securityQuestionsArray.get(1).getQuestionId(),"".toCharArray()) val securityAnswer3 = SecurityAnswer(securityQuestionsArray.get(2).getQuestionId(),"".toCharArray()) val securityAnswer4 = SecurityAnswer(securityQuestionsArray.get(3).getQuestionId(),"".toCharArray()) val securityAnswer5 = SecurityAnswer(securityQuestionsArray.get(4).getQuestionId(),"".toCharArray()) answers.add(securityAnswer1) answers.add(securityAnswer2) answers.add(securityAnswer3) answers.add(securityAnswer4) answers.add(securityAnswer5) val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Registered with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "One or more answers are incorrect.") false } bayunCore.validateSecurityQuestions(answers, authorizeEmployeeCallback, successCallback, failureCallback) false } val passphraseCallback = Handler.Callback { //Show custom UI to take user input for the passphrase. val passpharse =""; val authorizeEmployeeCallback = Handler.Callback { Log.d(TAG, "Authorization of employeePublicKey is Pending.") val employeePublicKey = it.data.getString("employeePublicKey", "") false } val successCallback = Handler.Callback { Log.d(TAG, "Passphrase is validated and registered with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Employee registration failed.") false } //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(passpharse, authorizeEmployeeCallback, successCallback, failureCallback); false } val successCallback = Handler.Callback { Log.d(TAG, "Registered with Bayun successfully.") false } val failureCallback = Handler.Callback { message -> val error = message.data.getString("BayunError", "") Log.d(TAG, "Employee registration failed.") false } bayunCore.registerEmployeeWithoutPassword( this, companyName, companyEmployeeId, email, isCompanyOwnedEmail, authorizeEmployeeCallback, newUserCredentialsCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback ) [Previous5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.1-register-with-password) [Next5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.3-login-with-password) Last updated 1 year ago Was this helpful? --- # 6.4 Get Locking Key | BayunCoreSDK Android Programming Guide Most developers do not need to use this function, and should instead rely on appropriate lock/unlock methods for encrypting and decrypting all data. This is meant only for highly advanced use-cases where the developer needs to use some custom encryption algorithm and/or explicitly add/validate signatures on some special piece of data or stream which can’t be easily passed to standard lock/unlock methods. In this case, the keys returned by this function should be used very carefully for a single object or stream, and then destroyed immediately after encryption/decryption or signature generation/verification is done. The `getLockingKey` function of `BayunCore` class returns locking key along with the keys for signature generation and signature verification for an encryption policy. The function takes the following parameters : * **encryptionPolicy** : [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods#encryption-policy) determines the key to be used to generate the lockingKey. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) determine the policy to be used to generate the lockingKey. * **groupId** : GroupId is required if encryptionPolicy is `BayunEncryptionPolicyGroup`. If encryption-policy is other than `BayunEncryptionPolicyGroup` then groupId should be empty string. Java Kotlin Copy import com.bayun_module.LockingKeys int encryptionPolicy =encryptionPolicy; //bayunCore.ENCRYPTION_POLICY_DEFAULT int keyGenerationPolicy =keyGenerationPolicy; //bayunCore.KEY_GENERATION_POLICY_STATIC String groupId = ""; LockingKeys lockingKeys = bayunCore.getLockingKey(encryptionPolicy, keyGenerationPolicy, groupId); Copy import com.bayun_module.LockingKeys val encryptionPolicy:Int =encryptionPolicy //bayunCore.ENCRYPTION_POLICY_DEFAULT val keyGenerationPolicy:Int =keyGenerationPolicy //bayunCore.KEY_GENERATION_POLICY_STATIC val groupId = "groupId" var lockingKeys :LockingKeys= bayunCore.getLockingKey(encryptionPolicy, keyGenerationPolicy, groupId) The `getLockingKey` function returns a struct `LockingKeys`. Java Kotlin Copy public class LockingKeys { public String key;//Locking Key public String signatureKey; //Private Key to be used for signature generation public String signatureVerificationKey; //Private Key to be used for signature generation } Copy class LockingKeys { var key : String? = null //Locking Key var signatureKey : String? = null //Private Key to be used for signature generation var signatureVerificationKey : String? = null //Private Key to be used for signature generation } [Previous6.3 Lock/Unlock Data](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking) [Next7\. Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups) Last updated 1 year ago Was this helpful? --- # 6. BayunCoreSDK Operations | BayunCoreSDK Android Programming Guide [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods#encryption-policy) Encryption Policy ------------------------------------------------------------------------------------------------------------------ Use of encryption-policy, as optional argument in lock function, allows the developer to bind a specific access-policy to the data being locked. The Bayun SDK will automatically choose the right encryption-keys (creating new ones as necessary), in conjunction with the Bayun Lockbox Management Server, and putting these keys in a hierarchy of lockboxes, such that the applied policy is enforceable on the locked data irrespective of any software (potentially hacked) being used to access the data. If no policy is explicitly specified by the developer at the time of locking the data, the default policy dictated by the server is used as specified in the admin-panel settings for that company and user. The actual policy applied to the data is a combination of the encryption-policy specified in lock function and the policy dictated by the server based on settings. The developer-specified policy passed as argument to the lock function in the code always takes precedence over the default policy specified by the server. It is expected that the developer can choose the right access policy based on the business-logic of the application and context of the data being locked. Otherwise it is okay to leave the policy to DEFAULT in code here, and let the admin define de-facto rules to apply for each user and/or company. `**NONE**` : No encryption is performed. The lock function acts as a simple passthrough for data. But all accounting on data-access patterns is still performed for reporting in the admin-panel, so that complete visibility into all lock/unlock operations is still maintained. `**DEFAULT**` : Locking/unlocking is performed according to the policy dictated by the server based on admin-panel settings. `**COMPANY**` : Locking/unlocking is performed using company key i.e the enterprise encryption key. Every employee of the same company will have access to this enterprise encryption key in their lockbox, and so will technically be able to access this data. `**EMPLOYEE**`: Locking/unlocking is performed using individual employee key. Nobody other than the user herself has access to this encryption-key, and so nobody else will be able to access this data. `**GROUP**` : Locking/unlocking is performed using group key. A groupId has to be specified while using this policy. Only members of the specified group will be able to access this data (see the [Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups) section in this Guide for details). [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) Key Generation Policy -------------------------------------------------------------------------------------------------------------------------- Use of key generation policy, as optional argument in lock function, allows the developer to determine the policy to generate Encryption Key for the data being locked. If no policy is explicitly specified by the developer at the time of locking the data, the default policy dictated by the server is used as specified in the admin-panel settings for that company and user. The developer-specified policy passed as argument to the lock function in the code always takes precedence over the default policy specified by the server. Unless the developer has a specific reason to use a particular policy for key generation to encrypt any particular piece of data, it is best to leave this to default so that the admin can choose the right policy in most cases. `**DEFAULT**` : Encryption of every data object is done with the key generated according to the key generation policy dictated by the server based on admin-panel settings. `**STATIC**` **:** Encryption of every data object is done with same key, that is derived from the Base Key. The Base Key is determined by the Policy tied to the object being locked (e.g. CompanyKey, EmployeeKey, GroupKey). `**ENVELOPE**` **:** Every data object is encrypted with its own unique key that is randomly generated. The random key itself is kept encrypted with a key derived from the Base Key. `**CHAIN**` **:** Every data object is encrypted with its own unique key, that is derived from the Base Key using a multi-dimensional chaining mechanism. [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods#operations) Operations ---------------------------------------------------------------------------------------------------- Here is the list of operations that can be performed using BayunSDK [6.1 Lock/Unlock File](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking) [6.2 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking) [6.3 Lock/Unlock Data](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking) [6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/6.4-get-locking-key) [Previous5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-android/4-authentication/5.6-change-password) [Next6.1 Lock/Unlock File](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking) Last updated 1 year ago Was this helpful? --- # 6.2 Lock/Unlock Text | BayunCoreSDK Android Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking#id-6.2.1-lock-text) 6.2.1 Lock Text The `lockText` method of `BayunCore` class locks text with default `encryption-policy` and `key-generation-policy` dictated by server settings. * **Parameters** * **text** : Text to be locked. * **success** : Success block to be executed after text is successfully locked, returns locked text through key "lockedText". * **failure** : Failure block to be executed if locking fails, returns `BayunError`. Java Kotlin Copy String plaintext = ""; // Callbacks for locking text Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String lockedText = message.getData().getString("lockedText", ""); return false; } } Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking text."); return false; } }; bayunCore.lockText(plaintext, success, failure); Copy val plaintext = "<plainText>" // Callbacks for locking text val success = Handler.Callback { val lockedText = it.data.getString("lockedText", "") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error locking text.") false } bayunCore.lockText(plaintext, success, failure) ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking#id-6.2.2-lock-text-with-encryption-policy-key-generation-policy) 6.2.2 Lock Text with Encryption Policy, Key Generation Policy The `lockText` method with encryption policy, key generation policy as parameters locks text with the encryption key dictated by the policy. * **Parameters** * **text** : Text to be locked. * **encryptionPolicy** : [BayunEncryptionPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#encryption-policy) determines the key for locking. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) determines the policy to generate the data encryption key. * **groupId** : GroupId is required if encryptionPolicy is `BayunEncryptionPolicyGroup`. * **success** : Success block to be executed after text is successfully locked, returns locked text through key "lockedText". * **failure** : Failure block to be executed if locking fails, returns `BayunError`. Java Kotlin Copy String plaintext = "<plainText>"; int encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY; int keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE; String groupId = "<groupId>"; // Callbacks for locking text Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String lockedText = message.getData().getString("lockedText", ""); return false; } } Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking text."); return false; } }; bayunCore.lockText(plaintext, encryptionPolicy, keyGenerationPolicy, groupId, success, failure); Copy val plaintext = "<plainText>" val encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY val keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE val groupId = "<groupId>" // Callbacks for locking text val success = Handler.Callback { val lockedText = it.data.getString("lockedText", "") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error locking text.") false } bayunCore.lockText(plaintext, encryptionPolicy, keyGenerationPolicy, groupId, success, failure) If encryption-policy is other than `BayunEncryptionPolicyGroup` then groupId should be **null**. ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking#id-6.2.3-unlock-text) 6.2.3 Unlock Text The `unlockText` method of `BayunCore` class unlocks text. * **Parameters** * **text** : Text to be unlocked. * **success** : Success block to be executed after text is successfully unlocked, returns unlocked text through key "unlockedText". * **failure** : Failure block to be executed if unlocking fails, returns BayunError. Java Kotlin Copy String lockedText = "<lockedText>"; // Callbacks for unlocking text Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String unlockedText = message.getData().getString("unlockedText", ""); return false; } } Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error unlocking text."); return false; } }; bayunCore.unlockText(lockedText, success, failure); Copy val lockedText = "<lockedText>" // Callbacks for unlocking text val success = Handler.Callback { val unlockedText = it.data.getString("unlockedText", "") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error unlocking text.") false } bayunCore.unlockText(lockedText, success, failure) [Previous6.1 Lock/Unlock File](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking) [Next6.3 Lock/Unlock Data](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking) Last updated 1 year ago Was this helpful? --- # 6.1 Lock/Unlock File | BayunCoreSDK Android Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking#id-6.1.1-lock-file) 6.1.1 Lock File T he `lockFile` method of `BayunCore` class locks a file with default `encryption-policy` and `key-generation-policy` dictated by server settings. * **Parameters** * **filePath** : Path of the file to be locked. * **success** : Success block to be executed after file is successfully locked. * **failure** : Failure block to be executed if locking fails, returns `BayunError`. The file at the given file path is overwritten with the locked file. If file locking fails original file is not changed. Java Kotlin Copy String fileURL = file.getAbsolutePath(); // Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "File locked successfully."); return false; } } // Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking file."); return false; } }; bayunCore.lockFile(fileURL, success, failure); Copy val fileURL = file.getAbsolutePath() // Success Callback val success = Handler.Callback { Log.d(TAG, "File locked successfully.") false } // Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error locking file.") false } bayunCore.lockFile(fileURL, success, failure) ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking#id-6.1.2-lock-file-with-encryption-policy-key-generation-policy) 6.1.2 Lock File with Encryption Policy, Key Generation Policy The `lockFile` method with encryption policy, key generation policy as parameters locks file with the encryption key dictated by the policy. * **Parameters** * **filePath** : Path of the file to be locked. * **encryptionPolicy** : [BayunEncryptionPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#encryption-policy) determines the key for locking. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) determines the policy to generate the data encryption key. * **groupId** : GroupId is required if encryptionPolicy is `BayunEncryptionPolicyGroup`. * **success** : Success block to be executed after file is successfully locked. * **failure** : Failure block to be executed if locking fails, returns `BayunError`. Java Kotlin Copy String fileURL = file.getAbsolutePath(); int encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY; int keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE; String groupId = "<groupId>"; // Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "File locked successfully."); return false; } } // Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking file."); return false; } }; bayunCore.lockFile(fileURL, encryptionPolicy, keyGenerationPolicy, groupId, success, failure); Copy val fileURL = file.getAbsolutePath() val encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY val keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE val groupId = "<groupId>" // Callbacks for locking a file val success = Handler.Callback { Log.d(TAG, "File locked successfully.") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error locking file.") } false } bayunCore.lockFile(fileURL, encryptionPolicy, keyGenerationPolicy, groupId, success, failure) If encryption-policy is other than `BayunEncryptionPolicyGroup` then groupId should be **null**. ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.1-file-locking-unlocking#id-6.1.3-unlock-file) 6.1.3 Unlock File The `unlockFile` method of `BayunCore` class unlocks a locked file. * **Parameters** * **filePath** : Path of the file to be unlocked. * **success** : Success block to be executed after file is successfully unlocked. * **failure** : Failure block to be executed if unlocking fails, returns `BayunError`. Java Kotlin Copy String fileURL = file.getAbsolutePath(); bayunCore.unlockFile(fileURL, success, failure); // Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "File unlocked successfully."); return false; } } // Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error unlocking file."); } return false; } }; bayunCore.unlockFile(fileURL, success, failure); Copy val fileURL = file.getAbsolutePath() // Success Callback val success = Handler.Callback { Log.d(TAG, "File unlocked successfully.") false } // Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error unlocking file.") false } bayunCore.unlockFile(fileURL, success, failure) [Previous6\. BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods) [Next6.2 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking) Last updated 1 year ago Was this helpful? --- # 6.3 Lock/Unlock Data | BayunCoreSDK Android Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking#id-6.3.1-lock-data) 6.3.1 Lock Data The `lockData` method of `BayunCore` class locks generic data of type byteArray with default [BayunEncryptionPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods) and [BayunKeyGenerationPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) dictated by server settings. * **Parameters** * **data** : Byte Array to be locked. * **success** : Success block to be executed after data is successfully locked, returns locked data through key "lockedData". * **failure** : Failure block to be executed if locking fails, returns BayunError. Java Kotlin Copy byte plainData[] = "Hello World".getBytes(); //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { byte[] lockedData = message.getData().getByteArray("lockedData"); Log.d(TAG, "Data locked successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking data."); return false; } }; bayunCore.lockData(plainData, success, failure); Copy val plainData : ByteArray = "Hello World".toByteArray() //Success Callback val success = Handler.Callback { val lockedData = it.data.getByteArray("lockedData") Log.d(TAG, "Data locked successfully.") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error locking data.") false } bayunCore.lockData(plainData, success, failure) ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking#id-6.3.2-lock-data-with-encryption-policy-key-generation-policy) **6.3.2 Lock Data** with Encryption Policy, Key Generation Policy The `lockData` method with encryption policy, key generation policy as parameters locks data with the encryption key dictated by the policy. * **Parameters** * **data** : Byte Array to be locked. * **encryptionPolicy** : [BayunEncryptionPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods) determines the key for locking. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://docs.bayunsystems.com/bayuncoresdk-android/5.-bayuncoresdk-methods#key-generation-policy) determines the policy to generate the data encryption key. * **groupId** : GroupId is required if encryptionPolicy is `BayunEncryptionPolicyGroup`. * **success** : Success block to be executed after data is successfully locked, returns locked data through key "lockedData". * **failure** : Failure block to be executed if locking fails, returns BayunError. Java Kotlin Copy byte plainData[] = "Hello World".getBytes();; int encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY; int keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE; String groupId = "<groupId>"; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { byte[] lockedData = message.getData().getByteArray("lockedData"); Log.d(TAG, "Data locked successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error locking data."); return false; } }; bayunCore.lockData(plainData, encryptionPolicy, keyGenerationPolicy, groupId, success, failure); Copy val plainData : ByteArray = "Hello World".toByteArray() val encryptionPolicy = BayunCore.ENCRYPTION_POLICY_COMPANY val keyGenerationPolicy = BayunCore.KEY_GENERATION_POLICY_ENVELOPE val groupId = "<groupId>" //Success Callback val success = Handler.Callback { val lockedData = it.data.getByteArray("lockedData") false } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", "") Log.d(TAG, "Error locking data.") return false } } bayunCore.lockData(plainData, encryptionPolicy, keyGenerationPolicy, groupId, success, failure) If encryption-policy is other than `BayunEncryptionPolicyGroup` then groupId should be **null**. ### [](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.3-data-locking-unlocking#id-6.3.3-unlock-data) 6.3.3 Unlock Data The `unlockData` method of `BayunCore` class unlocks generic data of type byteArray. * **Parameters** * **data** : Byte Array to be unlocked. * **success** : Success block to be executed after data is successfully unlocked, returns unlocked data through key "unlockedData". * **failure** : Failure block to be executed if unlocking fails, returns `BayunError`. Java Kotlin Copy byte lockedData[]; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { byte[] unlockedData = message.getData().getByteArray("unlockedData"); Log.d(TAG, "Data unlocked successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error unlocking data."); return false; } }; bayunCore.unlockData(lockedData, success, failure); Copy val lockedData : ByteArray //Success Callback val success = Handler.Callback { val unlockedData = it.data.getByteArray("unlockedData") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error unloking data.") false } bayunCore.unlockData(lockedData, success, failure) [Previous6.2 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/5.2-text-locking-unlocking) [Next6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/6.4-get-locking-key) Last updated 1 year ago Was this helpful? --- # 2. Getting Started | Bayun AWSS3 Wrapper JavaScript Programming Guide The Bayun SDK is provided as a .js file. You can download the Bayun SDK Library from [Github](https://github.com/bayunsystems/BayunSDK/tree/2148af39780342209b5f1cfd7e9f79135c3047d6/JavaScript/BayunCoreSDK/lib) . You can find the Bayun SDK in BayunSDK/JavaScript/BayunCoreSDK folder. You will find the Bayun AWSS3 Wrapper classes in BayunSDK/JavaScript/S3Wrapper folder. [Previous1\. Introduction](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide) [Next3\. Integrate Bayun SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/3.-integrate-bayun-sdk) Last updated 2 years ago --- # 4. Authentication | Bayun AWSS3 Wrapper JavaScript Programming Guide You first need to authenticate with the Bayun's `Lockbox Management Server` before you can make use of any SecureAWSS3 methods in your app. There are two ways to authenticate with Bayun: [4.1 Authentication using Bayun APIs](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.1-authentication-using-bayun-apis) [4.2 Authentication Using AWS Cognito Service Wrapper](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper) [Previous3\. Integrate Bayun SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/3.-integrate-bayun-sdk) [Next4.1 Authentication using Bayun APIs](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.1-authentication-using-bayun-apis) Last updated 2 years ago --- # 9. BayunRC | BayunCoreSDK Android Programming Guide BayunRC is a sample application that uses BayunCoreSDK to provide end-to-end encryption for SMS messages. It uses [RingCentral](https://www.ringcentral.com/) APIs to send and receive secure "Pager" messages within the same organization. Users can login with their RingCentral phone-number and extension, and communicate securely with other extensions associated with the same main number, without RingCentral or anyone else having access to the message contents (including Bayun itself). RingCentral's own app sees these messages as garbled text. **Register your App with RingCentral** In order to have access to the RingCentral's APIs, developer needs to register the app with RingCentral, and use the ApplicationKey and ApplicationSecret provided by RingCentral in the BayunRC sample app. To get the ApplicationKey and ApplicationSecret, see [App Development using RingCentral Developer Portal](https://developer.ringcentral.com/library/tutorials/getting-started.html##CreateYourApp) . **Build and Run BayuRC Test App** In the strings.xml file, replace the values of "application\_key\_sandbox" and "application\_secret\_key\_sandbox" with the Sandbox Application Key and Application Secret Key. Also replace the values of "application\_key\_prod" and "application\_key\_secret\_prod" with the Production Application Key and Application Secret Key respectively. Build and Run the project. You will need an active RingCentral account to login. Enter your main RingCentral phone-number in the Phone Number field, extension in the Extension field and password in the Password field. Checking the "Point to Sandbox Server" checkbox number let the app point to sandbox server else production server is pointed. **Where to Go From Here?** You can find the BayunRC app on [Github](https://github.com/bayunsystems/BayunSDK/tree/master/Android/TestApps/BayunRC) For detailed step-by-step instructions on how to build and run the Android application, see the [README](https://github.com/bayunsystems/BayunSDK/blob/master/Android/TestApps/BayunRC/README.md) file. [Previous8\. Bayun Errors](https://bayun.gitbook.io/bayuncoresdk-android/7.-bayun-errors) Last updated 1 year ago Was this helpful? --- # 5. Store And Retrieve Files securely from Amazon S3 | Bayun AWSS3 Wrapper JavaScript Programming Guide Let us first look at how a typical app is created using AWSS3 SDK and then look at the components of the S3 app that get affected using Bayun AWSS3 wrapper classes. [5.1 Transferring files using standard AWSS3 SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk) [5.2 Transferring files using SecureS3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3) #### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3#undefined) [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3#undefined-1) ------------------------------------------------------------------------------------------------------------------------------------------------- [Previous4.2.2 Using user pools with Bayun AWSS3 wrapper 'SecureAuthentication'](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication) [Next5.1 Transferring files using standard AWSS3 SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk) Last updated 2 years ago --- # 4.2 Authentication Using AWS Cognito Service Wrapper | Bayun AWSS3 Wrapper JavaScript Programming Guide If you are using AWS Cognito Service for user authentication, AWS Cognito Service Wrapper lets you authenticate with AWS Cognito and Bayun together. You don't need to authenticate with Bayun separately, you can use the Bayun AWS Cognito Service Wrapper APIs to signIn/signUp with AWS Cognito. Bayun AWS Cognito Service Wrapper APIs take care of the authentication with Bayun. Let us first look at how a typical app is created using user pools with the AWS SDK for JavaScript and then look at the components of the S3 app that get affected using Bayun AWSS3 wrapper class `SecureAuthentication`. [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper#add-aws-dependencies-into-project) **Add AWS dependencies into Project** --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1. Copy the amazon-cognito-auth.min.js and amazon-cognito-identity.min.js file in the project [public](https://github.com/bayunsystems/BayunSDK/tree/master/JavaScript/TestApp/BayunS3/js) folder. 2. Import amazon-cognito-auth.min.js and amazon-cognito-identity.min.js file into index.html JavaScript Copy <script src="js/amazon-cognito-auth.min.js"></script> <script src="js/amazon-cognito-identity.min.js"></script> <script src="https://sdk.amazonaws.com/js/aws-sdk-2.7.16.min.js"></script> [4.2.1 Using user pools with AWS JavaScript SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk) [4.2.2 Using user pools with Bayun AWSS3 wrapper 'SecureAuthentication'](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication) [Previous4.1 Authentication using Bayun APIs](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.1-authentication-using-bayun-apis) [Next4.2.1 Using user pools with AWS JavaScript SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk) Last updated 2 years ago --- # 5.2 Transferring files using SecureS3 | Bayun AWSS3 Wrapper JavaScript Programming Guide ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3#id-5.2.1-initialize-the-secures3-object) 5.2.1 Initialize the SecureS3 object JavaScript Copy var secureS3 = new SecureS3( "<bayunSessionId>", // bayun sessionId will be returned when user successfully able to signIn. "<apiVersion>", // provided on AWS console "<accessKeyId>", // provided on AWS console "<secretAccessKey>", // provided on AWS console "<signatureVersion>", // provided on AWS console "<region>", // provided on AWS console "<bucket>", // provided on AWS console ); //set EncryptionPolicy and keyGenerationPolicy by these methods which are going //to be used while locking/encrypting a file before uploading to s3. secureS3.setEncryptionPolicy(BayunCore.EncryptionPolicy.EMPLOYEE); secureS3.setKeyGenerationPolicy(BayunCore.KeyGenerationPolicy.ENVELOPE); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3#id-5.2.2-upload-a-file-to-amazon-s3-using-secures3-object) 5.2.2 Upload a File to Amazon S3 using secureS3 object JavaScript Copy var file = "<fileToBeUpload>" //document.getElementById("file").files[0]; await secureS3.upload(file); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3#id-5.2.3-download-a-file-from-amazon-s3-using-secures3-object) 5.2.3 Download a File from Amazon S3 using secureS3 object JavaScript Copy await secureS3.downloadFile("<yourFileName.extension>"); // we can get uploaded filename from AWS buckets console By doing the above, all data written to S3 is automatically locked before upload and unlocked after download in such a manner that nobody other than the customer (and especially the developer) has access to any of the encryption keys or the data itself. [Previous5.1 Transferring files using standard AWSS3 SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk) [Next6\. BayunS3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/6.-bayuns3) Last updated 2 years ago --- # 7.1 Create Group | BayunCoreSDK Android Programming Guide Using `createGroup` method a new group is created. The group can be either of type `PUBLIC` or `PRIVATE`, from the enum GroupType in BayunCore. The user creating the group automatically becomes a member of the group, with full authorization for complete group-management functionality for that group. The developer can choose to enforce more fine-grained access controls if desired. **Method parameters :** * **groupName**: Group name(Optional) * **groupType**: Type of group. * **success**: Success block to be executed after group is successfully created. * **failure**: Failure block to be executed if group creation fails, returns BayunError. Java Kotlin Copy String groupName = "<groupName>"; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String groupId = message.getData().getString("groupId"); Log.d(TAG, "Group created successfully."); return false; } }; //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error creating group."); return false; } }; bayunCore.createGroup(groupName, BayunCore.GroupType.PUBLIC, success, failure); Copy val groupName = "<groupName>" //Success Callback val success = Handler.Callback { val groupId = it.data.getString("groupId") Log.d(TAG, "Group created successfully.") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error creating group.") false } bayunCore.createGroup(groupName, BayunCore.GroupType.PUBLIC, success, failure) [Previous7\. Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups) [Next7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.2-get-my-groups) Last updated 1 year ago Was this helpful? --- # 7.3 Get Unjoined Public Groups | BayunCoreSDK Android Programming Guide The `getUnjoinedPublicGroups` returns all the public groups of the company, current employee is not a member of. **Method parameters :** * **success** : Success block to be executed after public groups are successfully retrieved. * **failure** : Failure block to be executed if public groups could not be retrieved, returns `BayunError`. Java Kotlin Copy ArrayList<Group> unjoinedGroupsArray; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Get unjoined public groups call successful."); unjoinedGroupsArray = (ArrayList<Group>)message.getData().getSerializable("BayunUnjoinedGroupsArray"); for (Group group: unjoinedGroupsArray) { Log.d(TAG, "id: " + group.groupId); Log.d(TAG, "name: " + group.groupName); Log.d(TAG, "type: " + group.groupType); } return false; } }; //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error getting Groups."); return false; } }; bayunCore.getUnjoinedPublicGroups(success, failure); Copy var unjoinedGroupsArray: ArrayList<Group> //Success Callback val success = Handler.Callback { Log.d(TAG, "Get unjoined public groups call successful.") unjoinedGroupsArray = it.data.getSerializable("BayunUnjoinedGroupsArray") as ArrayList<Group> for (group in unjoinedGroupsArray) { Log.d(TAG, "id: " + group.groupId) Log.d(TAG, "name: " + group.groupName) Log.d(TAG, "type: " + group.groupType) } false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error getting Groups.") false } bayunCore.getUnjoinedPublicGroups(success, failure) [Previous7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.2-get-my-groups) [Next7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.3-join-public-group) Last updated 1 year ago Was this helpful? --- # 7.4 Join Public Group | BayunCoreSDK Android Programming Guide T he `joinPublicGroup` method is used to join any public group of the organisation. **Method parameters :** * **groupId** : Group Id of the Public Group. * **success** : Success block to be executed after group is successfully joined. * **failure** : Failure block to be executed if group could not be joined, returns `BayunError`. Java Kotlin Copy String groupId = "<groupId>"; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Group joined successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error joining group."); return false; } }; bayunCore.joinPublicGroup(groupId, success, failure); Copy val groupId = "<groupId>" //Success Callback val success = Handler.Callback { Log.d(TAG, "Group joined successfully.") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error joining group.") false } bayunCore.joinPublicGroup(groupId, success, failure) [Previous7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.4-get-unjoined-public-groups) [Next7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.5-get-group-by-id) Last updated 1 year ago Was this helpful? --- # 7.2 Get My Groups | BayunCoreSDK Android Programming Guide The `getMyGroups` method returns all the groups, both public and private, current employee is member of. **Method parameters :** * **success**: Success block to be executed after employee groups are successfully retrieved. * **failure**: Failure block to be executed if employee groups could not be retrieved, returns BayunError. Java Kotlin Copy ArrayList<Group> myGroupsArray; // Callbacks to get User's joined Groups Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Get my groups call successful."); myGroupsArray = (ArrayList<Group>)message.getData().getSerializable("BayunMyGroupsArray"); for (Group group: myGroupsArray) { Log.d(TAG, "id: " + group.groupId); Log.d(TAG, "name: " + group.groupName); Log.d(TAG, "type: " + group.groupType); } return false; } }; Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error getting my groups."); return false; } }; bayunCore.getMyGroups(success, failure); Copy var myGroupsArray: ArrayList<Group> // Callbacks to get User's joined Groups val success = Handler.Callback { Log.d(TAG, "Get my groups call successful.") myGroupsArray = it.data.getSerializable("BayunMyGroupsArray") as ArrayList<Group> for (group in myGroupsArray) { Log.d(TAG, "id: " + group.groupId) Log.d(TAG, "name: " + group.groupName) Log.d(TAG, "type: " + group.groupType) } false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error getting my groups.") false } bayunCore.getMyGroups(success, failure) [Previous7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.1-create-group) [Next7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.4-get-unjoined-public-groups) Last updated 1 year ago Was this helpful? --- # 7.8 Remove Group Member | BayunCoreSDK Android Programming Guide The `removeFromGroup` method is used to remove a member from the Group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). **Method parameters :** * **groupId** : Group Id of the Group. * **groupMember** : `GroupMember` with companyName and companyEmployeeId. * **success**: Success block to be executed after member is removed from the group. * **failure**: Failure block to be executed if member could not be removed from the group, returns `BayunError`. Java Kotlin Copy import com.bayun_module.GroupMember String companyEmployeeId = "<companyEmployeeId>"; String companyName = "<companyName>"; String groupId = "<groupId>"; GroupMember groupMember = new GroupMember(); groupMember.companyEmployeeId = companyEmployeeId; groupMember.companyName = companyName; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Member is removed from the Group successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error removing the group member."); return false; } }; bayunCore.removeFromGroup(groupId, groupMember, success, failure); Copy import com.bayun_module.GroupMember val companyEmployeeId = "<companyEmployeeId>" val companyName = "<companyName>" val groupId = "<groupId>" val groupMember: GroupMember = GroupMember() groupMember.companyEmployeeId = companyEmployeeId groupMember.companyName = companyName // Callbacks to remove a member from a group val success = Handler.Callback { Log.d(TAG, "Member is removed from the Group successfully.") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error removing the group member") false } bayunCore.removeFromGroup(groupId, groupMember, success, failure) [Previous7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.7-add-group-members) [Next7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.9-remove-group-members) Last updated 1 year ago Was this helpful? --- # 6. BayunS3 | Bayun AWSS3 Wrapper JavaScript Programming Guide BayunS3 is a sample application that uses overridden methods from S3Wrapper SDK for secure storage onto AWS S3. The app itself works exactly similar to the case of an app using the original AWS S3 SDK directly. However, the wrapper SDK automatically encrypts a file before uploading it to the S3 bucket and decrypts it after downloading it, without the application having to deal with encryption keys, etc. [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/6.-bayuns3#aws-credentials) AWS Credentials ----------------------------------------------------------------------------------------------------------------------------- To use Amazon Cognito user pools, you need an AWS account. You can create a user pool through the Amazon Cognito console. You can follow the [AWS developer guide](https://docs.aws.amazon.com/cognito/latest/developerguide/getting-started-with-cognito-user-pools.html) to create user pool. Replace the values of UserPoold, Region and ClientId their respective values in the `config.js` file. You are provided with an App Id and Application Secret when your app is registered with Bayun, see [Registering a new App](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started#2.2-register-a-new-application) . In the `config.js` file, replace value of BayunAppId, BayunAppSalt, BayunAppSecret, EnableFaceRecognition, and BaseUrl. JavaScript Copy window._config = { cognito: { userPoolId: "<userPoolId>", // e.g. us-east-4_uXbttttpAb region: "<region>", // e.g. us-east-7 clientId: "<clientId>", // e. g. 7s5cdrjuev1vd8531qace17nl2 }, }; const BayunConstants = { BAYUN_APP_ID: "<BAYUN_APP_ID>", // provided on the admin panel BAYUN_APP_SALT: "<BAYUN_APP_SALT>", // provided on the admin panel BAYUN_APP_SECRET: "<BAYUN_APP_SECRET>", // provided on the admin panel ENABLE_FACE_RECOGNITION: false | true, BASE_URL: "<BASE_URL>", // provided on the admin panel }; [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/6.-bayuns3#register-and-login) Register and Login ----------------------------------------------------------------------------------------------------------------------------------- You need to first signUp using Amazon Cognito User Pools . Enter your username, password, email and set your company name. Hit Register button, You will be redirected to verification page and you will receive a confirmation code on your email address. Enter the email address and confirmation code in the verification screen and complete your signup process. After signup you can signIn to your account. Provide your username and password to signIn. You should be able to upload/download files to/from the bucket. In the BayunS3 sample app, you have to explicitly mention your bucket name, for this the bucket has to be created(with NO-CORS policy) on AWS console in advance. You can provide your own bucket name for upload/download operations. [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/6.-bayuns3#where-to-go-from-here) Where to Go From Here? ------------------------------------------------------------------------------------------------------------------------------------------ You can find the BayunS3 app on [Github](https://github.com/bayunsystems/BayunSDK/tree/master/JavaScript/TestApp/BayunS3) . For detailed step-by-step instructions on how to build and run the JavaScript application, see the [README](https://github.com/bayunsystems/BayunSDK/blob/master/JavaScript/TestApp/BayunS3/README.md) file. [Previous5.2 Transferring files using SecureS3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3) Last updated 2 years ago --- # 7. Groups | BayunCoreSDK Android Programming Guide BayunSDK provides public APIs for secure group-based data-access and basic group-management. Every group has its own secret-key that is unique for the group, and is accessible only to the members of that group. This shared group-key is used to encrypt the messages that are locked with encryption-policy of group, and also authenticate members, and control access to group resources. Since nobody other than group-members have access to the group's secret-key, only those belonging to the group will be able to access data encrypted with group-policy tied to that specific groupId. Note that the main purpose of Groups functionality in Bayun framework is to enable enforcement of arbitrary data-access policies that are cryptographically tied to the data, and without burdening the developer with the headaches of key-management for the same. The framework provides only basic group-management functions for creating, modifying, and deleting a group in such a way that the developer can optionally create stricter access-control mechanisms for group-management if so desired, depending on the use-case at hand. For example, the Bayun framework treats every existing member of the group equally for group-management privileges, including the ability to add/remove other members, or delete the group. The developer can always build, or enforce, finer-grained group-management functionality on top of this, e.g. by introducing the notion of group-owner or group-admins with privileged access-rights etc. [](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups#group-types) Group Types ---------------------------------------------------------------------------------------- Group type is defined when creating a new group. Group type is an enum type and has following values: `**PUBLIC**`: The group is public to the organization. Any employee of the organization can join this group, and hence get access to the shared group-key. The group's secret-key is kept encrypted in every member's own lockbox as well as kept encrypted with company's own secret-key, so that nobody outside the company can get access to it. An existing member, who already has access to the group-key, can add any other members to the group (even those outside the company). `**PRIVATE**`: The group is private and accessible only to the existing members of the group. The group's secret-key is kept encrypted in every member's own lockbox only. An existing member can add anyone else to the member-list of the group, irrespective of whether they belong to the same company or not. [](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups#group-apis) Group APIs -------------------------------------------------------------------------------------- [7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.1-create-group) [7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.2-get-my-groups) [7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.4-get-unjoined-public-groups) [7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.3-join-public-group) [7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.5-get-group-by-id) [7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.6-add-group-member) [7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.7-add-group-members) [7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.7-remove-group-member) [7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.9-remove-group-members) [7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.10-remove-group-members-except-list) [7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.8-leave-group) [7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.9-delete-group) [](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups#where-to-go-from-here) Where to go from here? ------------------------------------------------------------------------------------------------------------- The sample implementation for Group APIs can be found in the BayunS3 app, on [Github](https://github.com/bayunsystems/BayunSDK/tree/master/Android/TestApps/BayunS3) . For detailed step-by-step instructions on how to build and run the Android application, see the [README](https://github.com/bayunsystems/BayunSDK/blob/master/Android/TestApps/BayunS3/README.md) file. [Previous6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-android/5.-bayuncoresdk-methods/6.4-get-locking-key) [Next7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.1-create-group) Last updated 1 year ago Was this helpful? --- # 7.5 Get Group By Id | BayunCoreSDK Android Programming Guide The `getGroupById` returns details of a group. Details include groupId, name, type, groupMembers. Any existing member of the group can retrieve details of the group, including the list of all the group members. **Method parameters :** * **groupId** : Group Id of the Group. * **success** : Success block to be executed after group details are successfully retrieved. * **failure** : Failure block to be executed if group details could not be retrieved, returns `BayunError`. Java Kotlin Copy String groupId = "<groupId>"; Group groupDetails; // Callbacks to get group info by its id Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Get group by id call successful."); groupDetails = (Group)message.getData().getSerializable("BayunGetGroup"); Log.d(TAG, "group id: " + groupDetails.groupId); Log.d(TAG, "group name: " + groupDetails.groupName); Log.d(TAG, "group type: " + groupDetails.groupType); ArrayList<GroupMember> groupMembers = (ArrayList<GroupMember>)groupDetails.groupMembers; for (GroupMember member: groupMembers) { Log.d(TAG, "companyEmployeeId: " + member.companyEmployeeId)); Log.d(TAG, "companyId: " + member.companyId); Log.d(TAG, "companyName: " + member.companyName)); } return false; } }; Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error getting group."); return false; } }; bayunCore.getGroupById(groupId, success, failure); Copy var groupId = "<groupId>" var groupDetails: Group // Callbacks to get group info by its id val success = Handler.Callback { Log.d(TAG, "Get group by id call successful.") groupDetails = it.data.getSerializable("BayunGetGroup") as Group Log.d(TAG, "group id: " + groupDetails.groupId) Log.d(TAG, "group name: " + groupDetails.groupName) Log.d(TAG, "group type: "+ groupDetails.groupType) val groupMembers = groupDetails.groupMembers as ArrayList<GroupMember> for (member in groupMembers) { Log.d(TAG, "companyEmployeeId: " + member.companyEmployeeId) Log.d(TAG, "companyId: " + member.companyId) Log.d(TAG, "companyName: " + member.companyName) } false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error getting group.") false } bayunCore.getGroupById(groupId, success, failure) [Previous7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.3-join-public-group) [Next7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.6-add-group-member) Last updated 1 year ago Was this helpful? --- # 5.1 Transferring files using standard AWSS3 SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide Add the following to the scripts: JavaScript Copy <script src="https://sdk.amazonaws.com/js/aws-sdk-2.726.0.min.js"></script> ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk#id-5.1.1-initialize-the-s3-object) 5.1.1 Initialize the S3 object Pass your Amazon credentials to the secureS3 constructor. JavaScript Copy let isConfigUpdate = false; let s3; try { if (!window.AWS) { return } if (!isConfigUpdate) { window.AWS.config.update(({ region: <region> })); isConfigUpdate = true; } s3 = new window.AWS.S3({ credentials: new window.AWS.Credentials({ apiVersion: "<apiVersion>", accessKeyId: "<accessKeyId>", secretAccessKey: "<secretAccessKey>", signatureVersion: "<signatureVersion>", region: "<region>", bucket: "<bucket>" }) }); } catch (error) { console.log(error) } ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk#id-5.1.2-upload-a-file-to-amazon-s3) 5.1.2 Upload a File to Amazon S3 To upload a file to S3, instantiate a s3 object. Call upload() and pass the following parameters: JavaScript Copy let lockedBase64ToArrayBuffer = "<fileToUploadInBase64Format>"; let fileType = "<fileType>"; let fileName = <"fileName>"; let bucket = "<bucketName>"; await this.uploadToS3Bucket( lockedBase64ToArrayBuffer, (progress) => { console.log(progress) }, fileType, fileName, ); uploadToS3Bucket = async (stream, progressCallBack, fileType, fileName) => { try { let uploadItem = await s3.upload({ Bucket: bucket, Key: fileName, ContentType: fileType, Body: stream }).on("httpUploadProgress", function (progress) { console.log("progress=>", progress) progressCallBack(this.getUploadingProgress(progress.loaded, progress.total)); }).promise(); console.log("uploadItem=>", uploadItem); return uploadItem; } catch (error) { console.log(error) } } ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk#id-5.1.3-download-a-file-from-amazon-s3) 5.1.3 Download a File from Amazon S3 To download a file to S3, instantiate a s3 object. Call getObject() and pass the following parameters: JavaScript Copy await s3.getObject( { Bucket: "<YourBucketName>", Key: "<YourFileName>" }, async function (error, data) { if (error != null) { alert("Failed to retrieve an object: " + error); } else { //alert("Loaded " + data.ContentLength + " bytes"); // do something with data.Body console.log("Downloaded Image Data :", data); console.log("Array ", data.Body); } } ); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.1-transferring-files-using-standard-awss3-sdk#id-5.1.4-tracking-s3-transfer-progress) 5.1.4 Tracking S3 Transfer Progress To get the progress of a download or upload, use the following code snippets. For example: JavaScript Copy getUploadingProgress = async (uploadSize, totalSize) => { let uploadProgress = (uploadSize / totalSize) * 100; return Number(uploadProgress.toFixed(0)); } [Previous5\. Store And Retrieve Files securely from Amazon S3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3) [Next5.2 Transferring files using SecureS3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3/5.2-transferring-files-using-secures3) Last updated 2 years ago --- # 7.6 Add Group Member | BayunCoreSDK Android Programming Guide The `addInGroup` method is used to add a new member to the Group. The member to be added in the group may belong to a different company, provided that the company and the member must already be registered with Bayun. Any existing member of the group can add a new member. The developer can enforce stricter access-mechanisms on top if desired (e.g. only group-owner or group-admin is allowed to add new members). **Method parameters :** * **groupId**: Group Id of the Group. * **groupMember** : `GroupMember` with companyName and companyEmployeeId * **success**: Success block to be executed after member is added to the group. * **failure**: Failure block to be executed if member could not be added to the group, returns `BayunError`. Java Kotlin Copy import com.bayun_module.GroupMember String companyEmployeeId = "<companyEmployeeId>"; String companyName = "<companyName>"; String groupId = "<groupId>"; GroupMember groupMember = new GroupMember(); groupMember.companyEmployeeId = companyEmployeeId; groupMember.companyName = companyName; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Member added in the Group successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error adding the group member."); return false; } }; bayunCore.addInGroup(groupId, groupMember, success, failure); Copy import com.bayun_module.GroupMember val companyEmployeeId = "<companyEmployeeId>" val companyName = "<companyName>" val groupId = "<groupId>" val groupMember: GroupMember = GroupMember() groupMember.companyEmployeeId = companyEmployeeId groupMember.companyName = companyName //Success Callback val success = Handler.Callback { Log.d(TAG, "Member added in the Group successfully.") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error adding the group member.") false } bayunCore.addInGroup(groupId, groupMember, success, failure) [Previous7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.5-get-group-by-id) [Next7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.7-add-group-members) Last updated 1 year ago Was this helpful? --- # 4.2.2 Using user pools with Bayun AWSS3 wrapper 'SecureAuthentication' | Bayun AWSS3 Wrapper JavaScript Programming Guide Here User Registration, SignUp Confirmation, SignIn, SignOut needs to be done with **SecureAuthentication** instance. Before creating SecureAuthentication instance, user have to declear these following parameters of AWS and Bayun which will be further used by Bayun AWSS3 wrapper 'SecureAuthentication'. JavaScript Copy window._config = { cognito: { userPoolId: "<userPoolId>", // e.g. us-east-2_uXboG5pAb region: "<region>", // e.g. us-east-2 clientId: "<clientId>", // e.g. 7asdfvasdasdufe7hf47fhasd }, }; const BayunConstants = { BAYUN_APP_ID: "<BAYUN_APP_ID>", // provided on admin panel BAYUN_APP_SALT: "<BAYUN_APP_SALT>", // provided on admin panel BAYUN_APP_SECRET: "<BAYUN_APP_SECRET>", // provided on admin panel ENABLE_FACE_RECOGNITION: false | true, BASE_URL: "<BASE_URL>", // provided on admin panel }; ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication#set-up-the-secureauthentication-object) Set Up the SecureAuthentication object The SecureAuthentication is a JavaScript class, and must be provided with companyName before using it. JavaScript Copy var secureAuthentication = new SecureAuthentication("<companyName>"); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication#register-a-user) Register a User Use SecureAuthentication's method `register` to register a new user instead of relying on standard AWS SDK's signUp method. JavaScript Copy var registerBayunWithPwd = true | false; var companyName = "<CompanyName>"; var companyEmployeeId = "<companyEmployeeId>"; var email = "<email>"; var password = "<password>"; var confirmPassword = "<confirmPassword>"; if (password != confirmPassword) { throw "Passwords Do Not Match!" } var secureAuth = new SecureAuthentication(companyName); let sessionId = "<sessionId>"; // eg. "4h5u45u45" await secureAuth.register(sessionId, companyEmployeeId, email, password, registerBayunWithPwd); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication#confirm-signup) Confirm Signup Confirm a users' sign up with the confirmation code using SecureAuthentication's `confirmSignUp` method. Use this method instead of `CognitoUser`'s method, to confirm signup with both Cognito and Bayun. JavaScript Copy let email = "<email>"; let code = "<code>"; var companyName = "<CompanyName>"; var secureAuth = new SecureAuthentication(companyName); secureAuth.confirmSignUp(email,code); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication#sign-in-a-user) Sign in a user Use SecureAuthentication's `signIn` method to get a session, using email and password, with both Cognito and Bayun, instead of `CognitoUser`'s method. JavaScript Copy var loginWithPwd = false | true; var email = "<email>"; //required if loginWithPwd is false var companyName = "<CompanyName>"; var companyEmployeeId = "<companyEmployeeId>"; var password = "<password>"; //required if loginWithPwd is true let sessionId = "<sessionId>"; // eg. "4h5u45u45" var secureAuth = new SecureAuthentication(companyName); sessionId = await secureAuth.login(sessionId, companyEmployeeId, email, password, loginWithPwd); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication#sign-out-a-user) Sign out a user Use SecureAuthentication's `signOut` method to clear all tokens and logout of Bayun as well, instead of using `CognitoUser`'s method. User will have to go through the authentication process to get tokens. JavaScript Copy var companyName = "<CompanyName>"; var secureAuth = new SecureAuthentication(companyName)); secureAuth.signOut(); [Previous4.2.1 Using user pools with AWS JavaScript SDK](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk) [Next5\. Store And Retrieve Files securely from Amazon S3](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/5.-store-and-retrieve-files-securely-from-amazon-s3) Last updated 2 years ago --- # 8. Bayun Errors | BayunCoreSDK Android Programming Guide Following are the errors thrown by the Bayun SDK, along with a description for each error. * **ERROR\_ACCESS\_DENIED** **:** If user access is denied(authentication token expires) or if user does not have right to perform certain operation, library returns `BayunErrorAccessDenied`. * **ERROR\_INTERNET\_CONNECTION** **:** If there is no internet connectivity, library returns `BayunErrorInternetConnection`. * **ERROR\_REQUEST\_TIMEOUT** **:** If request has timed out, library returns `BayunErrorRequestTimeOut`. * **ERROR\_COULD\_NOT\_CONNECT\_TO\_SERVER** **:** If Lockbox Management Server could not be reached, library returns `BayunErrorCouldNotConnectToServer`. * **ERROR\_ENCRYPTION\_FAILED** **:** If encryption fails, library returns `BayunErrorEncryptionFailed`. * **ERROR\_DECRYPTION\_FAILED** **:** If decryption fails, library returns `BayunErrorDecryptionFailed`. * **ERROR\_INVALID\_PASSPHRASE** **:** If passphrase is invalid, library returns `BayunErrorInvalidPassphrase`. * **ERROR\_INVALID\_PASSWORD** **:** If password is invalid, library returns `BayunErrorInvalidPassword`. * **ERROR\_PASSPHRASE\_CANNOT\_BE\_NULL** **:** If passphrase for validation is null, library returns `BayunErrorPassphraseCannotBeNull`. * **ERROR\_INVALID\_CREDENTIALS** **:** If credentials are invalid, library returns `BayunErrorInvalidCredentials`. * **ERROR\_CREDENTIALS\_CANNOT\_BE\_NULL** **:** If credentials for authentication are null, library returns `BayunErrorCredentialsCannotBeNull`. * **ERROR\_USER\_INACTIVE** **:** If employee Status is Inactive, library returns `BayunErrorUserInActive`. * **ERROR\_APP\_NOT\_LINKED** **:** If app is not linked with Employee Account, library returns `BayunErrorAppNotLinked`. * **ERROR\_INVALID\_APP\_ID** **:** If app id is invalid, library returns `BayunErrorInvalidAppId`. * **ERROR\_AUTHENTICATION\_FAILED** **:** If user authentication fails, library returns `BayunErrorAuthenticationFailed`. * **ERROR\_TEXT\_CANNOT\_BE\_NULL** **:** If text for encryption/decryption is null, library returns `BayunErrorTextCannotBeNull`. * **ERROR\_DATA\_CANNOT\_BE\_NULL** **:** If data for encryption/decryption is null, library returns `BayunErrorDataCannotBeNull`. * **ERROR\_FILE\_CANNOT\_BE\_NULL** **:** If file for encryption/decryption is null, library returns `BayunErrorFileCannotBeNull` * **ERROR\_COMPANY\_CANNOT\_BE\_NULL** **:** If CompanyName is null, library returns `BayunErrorCompanyNameCannotBeNull`. * **ERROR\_INVALID\_COMPANY\_NAME** **:** If company name is invalid, library returns `BayunErrorInvalidCompanyName`. * **ERROR\_COMPANY\_EMPLOYEE\_ID\_CANNOT\_BE\_NULL** **:** If CompanyEmployeeId is null, library returns `BayunErrorCompanyEmployeeIdCannotBeNull`. * **ERROR\_GROUP\_ID\_CANNOT\_BE\_NULL** **:** If GroupId is null, library returns `BayunErrorGroupIdCannotBeNull`. * **ERROR\_EMPLOYEE\_DOESNT\_EXIST** **:** If the employee does not exists, library returns `BayunErrorEmployeeDoesNotExist`. * **ERROR\_INVALID\_GROUP\_ID** **:** If groupId does not exists for GroupId, library returns `BayunErrorGroupDoesNotExistsForGroupId`. * **ERROR\_EMPLOYEE\_DOESNT\_BELONG\_TO\_GROUP** **:** If employee does not belong to Group, library returns `BayunErrorGroupDoesNotExistForGroupId`. * **ERROR\_MEMBER\_EXISTS\_IN\_GROUP** **:** If member already exists in the Group, library returns `BayunErrorMemberAlreadyExistsInGroup`. * **ERROR\_CANNOT\_JOIN\_PRIVATE\_GROUP** **:** If member tries to join private in the Group, library returns `BayunErrorCannotJoinPrivateGroup`. * **ERROR\_GROUP\_TYPE\_CANNOT\_BE\_NULL** **:** If no group type is specified when creating a new group, library returns `BayunGroupTypeCannotBeNull`. * **ERROR\_NO\_INPUT\_JSON** **:** If no json hashmap is specified, library returns `BayunErrorNoInputJSON` . * **ERROR\_NO\_KEY\_FORMAT\_HASHMAP** **:** If no key format hashmap is specified, library returns `BayunErrorNoKeyFormatHashmap`. * **ERROR\_DEVICE\_PASSCODE\_NOT\_SET** **:** If the device has no screen lock enabled, library returns `BayunErrorDevicePasscodeNotSet`. Locked screen is required for SDK to work. * **ERROR\_REAUTHENTICATION\_NEEDED** **:** If it's needed for the user to be authenticated again, library returns `BayunErrorLoginNeeded`. * **ERROR\_DEVICE\_AUTHENTICATION\_REQUIRED** **:** If device locked screen authentication is cancelled by the user, library throws `BayunErrorDeviceAuthenticationRequired`. * **ERROR\_AT\_LEAST\_THREE\_ANSWERS\_REQUIRED** **:** If user answers less than Three security questions, library returns `BayunErrorAtleastThreeAnswersRequired`. * **ERROR\_INCORRECT\_ANSWERS** **:** If user has provided wrong answers for more than Two out of Five security questions, library returns `BayunErrorIncorrectAnswers`. * **ERROR\_EMPLOYEE\_NOT\_EXISTS** **:** If autoCreate is disabled and the entered employee doesn't exist, SDK returns `BayunErrorEmployeeDoesNotExistsInGivenCompany`. * **ERROR\_COMPANY\_NOT\_EXISTS** **:** If autoCreate is disabled and the entered company doesn't exist, SDK returns `BayunErrorCompanyDoesNotExist`. * **ERROR\_INVALID\_APP\_SECRET** **:** If the app secret provided is invalid, the SDK returns `BayunErrorInvalidAppSecret`. * **ERROR\_EMPLOYEE\_VERIFICATION\_FAILED** **:** If the verification fails for any of the keys of the employee, the SDK returns `BayunErrorEmployeeVerificationFailed`. * **ERROR\_USER\_ALREADY\_EXISTS** **:** If employee with the given employeeId already exists in the company, the SDK returns `BayunErrorUserAlreadyExists`. * **ERROR\_USER\_PASSWORD\_VERIFICATION\_ENABLED** **:** If the user being used to register a new employee has password verification enabled, SDK returns `BayunErrorUserPasswordVerificationEnabled` * **ERROR\_APP\_NOT\_EXISTS\_FOR\_ID** **:** If the app does not exists, library returns `BayunErrorAppDoesNotExist`. * **ERROR\_EMPLOYEE\_DEACTIVATED** **:** If the Employee has been deactivated by Admin, library returns `BayunErrorAppDoesNotExist` * **ERROR\_LINK\_USER\_ACCOUNT** **:** If login to Admin Panel is required to link the User Account with an existing Employee Account, library returns `BayunErrorLinkUserAccount`. * **ERROR\_EMPLOYEE\_ALREADY\_EXISTS** **:** If employee already exist with this complayee, library returns `BayunErrorAppDoesNotExist`. * **ERROR\_SOMETHING\_WENT\_WRONG** **:** If error is unknown, library returns `BayunErrorSomethingWentWrong`. [Previous7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.9-delete-group) [Next9\. BayunRC](https://bayun.gitbook.io/bayuncoresdk-android/8.-bayunrc) Last updated 1 year ago Was this helpful? --- # 4.1 Authentication using Bayun APIs | Bayun AWSS3 Wrapper JavaScript Programming Guide For authentication process, see [Authentication With Bayun](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication) . [Previous4\. Authentication](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication) [Next4.2 Authentication Using AWS Cognito Service Wrapper](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper) Last updated 2 years ago --- # 3. Integrate Bayun SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/3.-integrate-bayun-sdk#id-3.1-add-bayun-sdk-into-project) 3.1 **Add Bayun SDK into Project** ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1. Import bayun.js file into index.html 2. Copy the bayun.js file in the project public folder. JavaScript Copy <script src="bayun.js"></script> [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/3.-integrate-bayun-sdk#id-3.2-add-bayun-dependencies) **3.2 Add Bayun Dependencies** ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- The following dependency is needed to use Facial Recognition for added protection at the time of login. 1. Import vishwam-lib.js file into index.html 2. Copy the vishwam-lib.js and models directory in the project folder. JavaScript Copy <script src="vishwam-lib.js"></script> [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/3.-integrate-bayun-sdk#id-3.3-initialize-bayuncore) **3.3 Initialize BayunCore** ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Get BayunCore instance with appId, appSecret, appSalt, localStorageMode, enableFaceRecognition. * **appId :** Provided when an app is registered with Bayun. * **appSecret :** Provided when an app is registered with Bayun. * **appSalt :** Provided when an app is registered with Bayun. * **localStorageMode :** It can be `SESSION_MODE` or `EXPLICIT_LOGOUT_MODE` * `**SESSION_MODE**` **:** User data is encrypted and stored locally in sessionstorage. User data gets cleared when the page session ends and user will have to login with Bayun again. * `**EXPLICIT_LOGOUT_MODE**` **:** User data is encrypted and stored locally in localstorage. User data is kept in localstorage until the user logs out. * **enableFaceRecognition** : Boolean variable to determine whether or not to enable Face ID registration for a new user as an extra security measure. This Face ID works independently of the device-specific biometric (if any) available on the user’s end-device, and works from any device with a camera (including laptops and Android phones that may not have the built-in Face ID functionality). If enabled at the time of BayunCore init, each user can still decide on their own at the time of account registration if they want to also register their Face ID. If so chosen by the user at the time of account registration, they will be prompted to validate their Face ID every time they login from a new device. Check [Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/4.2-register-without-password) function for more details. * **baseURL :** Provided when an app is registered with Bayun. * **bayunServerPublicKey :** Provided when an app is registered with Bayun. JavaScript Copy const appId = "<appId>"; // provided on admin panel const appSecret = "<appSecret>"; // provided on admin panel const appSalt = "<appSalt>"; // provided on admin panel const localStorageMode = BayunCore.LocalDataStorageMode.EXPLICIT_LOGOUT_MODE; const enableFaceRecognition = true; const baseURL = "<baseURL>"; // provided on admin panel const bayunServerPublicKey = "<bayunServerPublicKey>"; // provided on admin panel const bayunCore = BayunCore.init(appId, appSecret, appSalt, localStorageMode, baseURL, bayunServerPublicKey, enableFaceRecognition); [Previous2\. Getting Started](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/2.-getting-started) [Next4\. Authentication](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication) Last updated 10 months ago --- # 7.7 Add Group Members | BayunCoreSDK Android Programming Guide The `addInGroup` function is used to add new members to the Group. The members to be added in the group may belong to different companies, provided that the company and the member must already be registered with Bayun. Any existing member of the group can add a new members. The developer can enforce stricter access-mechanisms on top if desired (e.g. only group-owner or group-admin is allowed to add new members). The function takes the following parameters : * **groupId** : Group Id of the Group. * **groupMembers** : `List<GroupMember>` object. * **success** : Success block to be executed after members are added to the group. * **failure** : Failure block to be executed if members could not be added to the group, returns `BayunError`. Java Kotlin Copy import com.bayun_module.GroupMember String companyEmployeeId = "<companyEmployeeId>"; String companyName = "<companyName>"; String groupId = "<groupId>"; GroupMember groupMember = new GroupMember(); groupMember.companyEmployeeId = companyEmployeeId; groupMember.companyName = companyName; ArrayList<GroupMember> groupMembers = new ArrayList<>(); groupMembers.add(groupMember); // Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Bundle bundle = message.getData(); ArrayList<AddMemberErrObject> errorList = (ArrayList<AddMemberErrObject>) bundle.getSerializable("ERROR_LIST"); String addedMembersCount = bundle.getString("addedMembersCount"); for (int i = 0; i < errorList.size(); i++) { AddMemberErrObject errObject = errorList.get(i); String errorMsg = errObject.errorMessage; Log.d(TAG, "ErrorMessage : "+ errorMsg); ArrayList<GroupMember> groupMemberArrayList = errObject.membersList; for (int j = 0; j < groupMemberArrayList.size(); j++) { GroupMember groupMember = groupMemberArrayList.get(j); Log.d(TAG, "companyEmployeeId : " + groupMember.companyEmployeeId); Log.d(TAG, "companyName : " + groupMember.companyName); } } return false; } }; //Failure Callback. Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error adding the group members."); return false; } }; bayunCore.addInGroup(groupId, groupMembers, success, failure); Copy import com.bayun_module.GroupMember val companyEmployeeId = "<companyEmployeeId>" val companyName = "<companyName>" val groupId = "<groupId>" val groupMember: GroupMember = GroupMember() groupMember.companyEmployeeId = companyEmployeeId groupMember.companyName = companyName var groupMembers = ArrayList<GroupMember>() groupMembers.add(groupMember) // Callbacks success val success = Handler.Callback { var bundle = it.data var errorList = bundle.getSerializable("ERROR_LIST") as ArrayList<AddMemberErrObject> var addedMembersCount = bundle.getString("addedMembersCount") for (errObject in errorList) { Log.d(TAG, "errorMessage: " + errObject.errorMessage) var groupMemberArrayList = errObject.membersList for (groupMember in groupMemberArrayList) { Log.d(TAG, "companyEmployeeId: " + groupMember.companyEmployeeId) Log.d(TAG, "companyName : " + groupMember.companyName); } } false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error adding the group members.") false } bayunCore.addInGroup(groupId, groupMembers, success, failure) [Previous7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.6-add-group-member) [Next7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.7-remove-group-member) Last updated 1 year ago Was this helpful? --- # 7.9 Remove Group Members | BayunCoreSDK Android Programming Guide The `removeGroupMembers` function is used to remove a list of members from the Group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). The function takes the following parameters : * **groupId** : GroupId of the group. * **groupMembers** : `List<GroupMember>` object. * **success** : Success block to be executed after group is successfully joined. * **failure** : Failure block to be executed if group could not be joined, returns `BayunError`. Java Kotlin Copy import com.bayun_module.GroupMember String companyEmployeeId = "<companyEmployeeId>"; String companyName = "<companyName>"; String groupId = "<groupId>"; GroupMember groupMember = new GroupMember(); groupMember.companyEmployeeId = companyEmployeeId; groupMember.companyName = companyName; ArrayList<GroupMember> groupMembers = new ArrayList<>(); groupMembers.add(groupMember); //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Members are removed from the Group successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error removing the group member."); return false; } }; bayunCore.removeGroupMembers(groupId, groupMembers, success, failure); Copy import com.bayun_module.GroupMember val companyEmployeeId = "<companyEmployeeId>" val companyName = "<companyName>" val groupId = "<groupId>" val groupMember: GroupMember = GroupMember() groupMember.companyEmployeeId = companyEmployeeId groupMember.companyName = companyName var groupMembers = ArrayList<GroupMember>() groupMembers.add(groupMember) // Callbacks to remove a members from a group val success = Handler.Callback { Log.d(TAG, "Members are removed from the Group successfully.") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error removing the group member") false } bayunCore.removeGroupMembers(groupId, groupMembers, success, failure) [Previous7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.7-remove-group-member) [Next7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.10-remove-group-members-except-list) Last updated 1 year ago Was this helpful? --- # 4.2.1 Using user pools with AWS JavaScript SDK | Bayun AWSS3 Wrapper JavaScript Programming Guide Here are the details about registering, confirming, and authenticating users using standard AWS JavaScript SDK. ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk#creating-an-awscognitoidentityuserpool-object) Creating an AWSCognitoIdentityUserPool Object The following procedure describes how to create an AWSCognitoIdentityUserPool object to interact with. Visit [here](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/6.-bayuns3#aws-credentials) to know more about window.\_config file. JavaScript Copy let poolData = { UserPoolId: "<userPoolId>", // Your user pool id here, you can also use window._config to hold you userPoolId. ClientId: "<clientId>", // Your client id here, you can also use window._config to hold you clientId. }; var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk#register-a-user) Register a User Use `userPool.signUp` method to sign up a user. JavaScript Copy //attributeList is the list of parameters which are required for authentication, //user has already deleared them while creating pool on AWS. var attributeList = []; var email = "<email>"; var personalname = "<personalname>"; var dataEmail = { Name: 'email', Value: email, //get from form field }; var dataPersonalName = { Name: 'name', Value: personalname, //get from form field }; var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(dataEmail); var attributePersonalName = new AmazonCognitoIdentity.CognitoUserAttribute(dataPersonalName); attributeList.push(attributeEmail); attributeList.push(attributePersonalName); userPool.signUp(username, password, attributeList, null, function (err, result) { if (err) { //error while signing up console.log(err.message); console.log("result", result); alert(err.message || JSON.stringify(err)); return; } //user successfully signedup cognitoUser = result.user; console.log("User Details: ", cognitoUser); console.log('user name is ' + cognitoUser.getUsername()); }); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk#confirm-signup) Confirm Signup Confirm a user's sign up with the confirmation code which is sent on user's email address. JavaScript Copy confirmSignUp = async(email, code) => { //required parameters to verify a user var params = { ClientId: "<clientId>", /* required */ ConfirmationCode: String(code), /* required */ Username: String(email), /* required */ }; let region = "<region>"; var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2022-12-20', region }); cognitoidentityserviceprovider.confirmSignUp(params, function (err, data) { if (err) {console.log(err, err.stack);} // an error occurred else { console.log("Verification Success :" + data); //successful response } }); } ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk#sign-in-a-user) Sign in a User Use `cognitoUser.authenticateUser` method to get a session with the username and password. JavaScript Copy var authenticationData = { Username: "<email>", Password: "<password>", }; var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData); var poolData = { UserPoolId: "<userPoolId>", // Your user pool id here ClientId: "<clientId>", // Your client id here }; var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData); var userData = { Username: "<email>", Pool: userPool, }; var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData); cognitoUser.authenticateUser(authenticationDetails, { onSuccess: function (result) { var accessToken = result.getAccessToken().getJwtToken(); console.log("accessToken :", accessToken); //cognitoUser.signOut(); }, onFailure: function (err) { alert(err.message || JSON.stringify(err)); }, }); ### [](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.1-using-user-pools-with-aws-javascript-sdk#sign-out-a-user) Sign out a user Use `cognitoUser.signOut` method to log a user out. JavaScript Copy cognitoUser.signOut(); [Previous4.2 Authentication Using AWS Cognito Service Wrapper](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper) [Next4.2.2 Using user pools with Bayun AWSS3 wrapper 'SecureAuthentication'](https://bayun.gitbook.io/bayun-awss3-wrapper-javascript-programming-guide/4.-authentication/4.2-authentication-using-aws-cognito-service-wrapper/4.2.2-using-user-pools-with-bayun-awss3-wrapper-secureauthentication) Last updated 2 years ago --- # 7.11 Leave Group | BayunCoreSDK Android Programming Guide The `leaveGroup` method is used to leave any joined group. **Method parameters :** * **groupId** : Group Id of the Group. * **success** : Success block to be executed after group is left. * **failure** : Failure block to be executed if group could not be left, returns `BayunError`. Java Kotlin Copy String groupId = "<groupId>"; // Callbacks to leave a group Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Group left successfully."); return false; } } Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error leaving the group."); return false; } }; bayunCore.leaveGroup(groupId, success, failure); Copy val groupId = "<groupId>" // Callbacks to leave a group val success = Handler.Callback { Log.d(TAG, "Group left successfully.") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error leaving the group.") false } bayunCore.leaveGroup(groupId, success, failure) [Previous7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.10-remove-group-members-except-list) [Next7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.9-delete-group) Last updated 1 year ago Was this helpful? --- # 7.12 Delete Group | BayunCoreSDK Android Programming Guide The `deleteGroup` method is used to delete a group the user is a member of. Any existing member of the group can delete the group. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to delete the group). **Method parameters :** * **groupId** : Group Id of the Group. * **success** : Success block to be executed after group is deleted. * **failure** : Failure block to be executed if group could not be deleted, returns `BayunError`. Java Kotlin Copy String groupId = "<groupId>"; //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { Log.d(TAG, "Group deleted successfully."); return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); Log.d(TAG, "Error deleting the group."); return false; } }; bayunCore.deleteGroup(groupId, success, failure); Copy val groupId = "<groupId>" //Success Callback val success = Handler.Callback { Log.d(TAG, "Group deleted successfully.") false } //Failure Callback val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error deleting the group.") false } bayunCore.deleteGroup(groupId, success, failure) [Previous7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.8-leave-group) [Next8\. Bayun Errors](https://bayun.gitbook.io/bayuncoresdk-android/7.-bayun-errors) Last updated 1 year ago Was this helpful? --- # 7.10 Remove Group Members Except List | BayunCoreSDK Android Programming Guide The `removeMembersExceptList` method is used to remove all members of the Group except the list of group members. Calling member is not removed from the group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). The function takes the following parameters : * **groupId** : GroupId of the group. * **groupMembers** : `List<GroupMember>` of `GroupMember` **NOT** to be removed from the group. If the list is empty, all the members of the group are removed except the calling member. * **removeCallingMember :** Determines whether the calling member should be removed from the group or not. * **success** : Success block to be executed after group is successfully joined. * **failure** : Failure block to be executed if group could not be joined, returns `BayunError`. Java Kotlin Copy import com.bayun_module.GroupMember String companyEmployeeId = "<companyEmployeeId>"; String companyName = "<companyName>"; String groupId = "<groupId>"; boolean removeCallingMember = <removeCallingMember>; GroupMember groupMember = new GroupMember(); groupMember.companyEmployeeId = companyEmployeeId; groupMember.companyName = companyName; ArrayList<GroupMember> groupMembers = new ArrayList<>(); groupMembers.add(groupMember); //Success Callback Handler.Callback success = new Handler.Callback() { @Override public boolean handleMessage(Message message) { return false; } } //Failure Callback Handler.Callback failure = new Handler.Callback() { @Override public boolean handleMessage(Message message) { String error = message.getData().getString("BayunError", ""); return false; } }; bayunCore.removeMembersExceptList(groupId, groupMembers, removeCallingMember, success, failure); Copy import com.bayun_module.GroupMember val companyEmployeeId = "<companyEmployeeId>" val companyName = "<companyName>" val groupId = "<groupId>" val removeCallingMember = <removeCallingMember>; val groupMember: GroupMember = GroupMember() groupMember.companyEmployeeId = companyEmployeeId groupMember.companyName = companyName var groupMembers = ArrayList<GroupMember>() groupMembers.add(groupMember) // Callbacks to remove a members from a group val success = Handler.Callback { Log.d(TAG, "Members are removed from the Group successfully.") false } val failure = Handler.Callback { val error = it.data.getString("BayunError", "") Log.d(TAG, "Error removing the group member") false } bayunCore.removeMembersExceptList(groupId, groupMembers, removeCallingMember, success, failure) [Previous7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/7.9-remove-group-members) [Next7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-android/6.-groups/6.8-leave-group) Last updated 1 year ago Was this helpful? --- # 5. Authentication | BayunCoreSDK JavaScript Programming Guide The Bayun SDK (in conjunction with Lockbox Management Server backend) handles the encryption/decryption keys, and lockboxes, based on the logged-in user, and the tenant/company whose data in the app this user should have access to. So an enterprise application developer should choose the companyName and the companyEmployeeId below, using the same criteria that are used inside the application to distinguish between different companies (sometimes also referred to as tenants in a multi-tenant application), and the employees. For example, for the Gmail app (or any other GSuite App), the login-id of the user is the email address in the form of “username@bayunsystems.com”. Assuming “bayunsystems.com” (the domain-name part of the email address) is registered for a corporate-account with Google, it determines the company/tenant uniquely, and GSuite server will use policies applicable for the company this domain-name maps to. The “username” (or the complete email address “username@bayunsystems.com” itself) is the unique user-id of the user for that specific company, and determines the policies applicable to the logged-in user. So in this case, the developer should use “bayunsystems.com” as companyName for selecting the tenant, and preferably complete email address "username@bayunsystems.com" as companyEmployeeId (even though in some cases just the “username” part might suffice, it's not recommended). Note that some applications allow users with any domain to login to any tenant, even if the domain-name of the user doesn’t match that of the tenant (e.g. accounts for certain contractors of an enterprise using their own email address for login rather than corporate-emails issued to employees of that enterprise). In fact some users could even have access to multiple tenants as well in a multi-tenant application via the same user-account. In such cases, the companyName parameter should always match the domain of the tenant the user is trying to login to, and not the domain of the logging in user's email address. Also, the complete email address of the user needs to be used for companyEmployeeId here, as the domain part of the user could be different from the tenant's own domain. For a consumer application, or consumer use-case in a hybrid application, the developer can use a single companyName for all consumer/individual users. For example, GSuite applications can use “gmail.com” for all users who have consumer email addresses in the form of "username@gmail.com". The same companyName can also be used for other individual accounts using custom domains without the domain being registered for a corporate account on Google (e.g. username@customdomain.com, where customdomain.com is not registered as a corporate account). So the single companyName chosen by the developer here serves as the default tenant for all consumer accounts that don’t belong to a specific enterprise tenant. And the companyEmployeeId should be the complete email of the user (e.g. “username@gmail.com” or “username@customdomain.com”). Since both companyName and companyEmployeeId parameters are arbitrary strings, the developer can also use app's own internal companyId or tenantId for the companyName parameter, and pass app's own internal company-specific employeeId or user’s loginId as the companyEmployeeId parameter for BayunSDK. The only requirement for BayunSDK is that the companyName be unique across all the companies, and that the companyEmployeeId for each employee be unique within a given companyName. However something like this should be done only when the email address of the user or unique loginId is not available. For portability and consistency across multiple types of users, and various different types of use-cases, it is highly recommended for the developer to use the complete email address of user as companyEmployeeId when-ever available, and the domain-name of tenant as companyName, in most cases. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication#user-login) User Login ------------------------------------------------------------------------------------------------------------------ You first need to authenticate the user with Bayun's `Lockbox Management Server (LMS)` using the login call (or register call for a new user) before you can make use of any other Bayun features in your app. Note that any of the login functions of BayunSDK needs to be called only once for a user on a new device to set up the context for that user in the device's secure enclave. There is no need to call this function every time the user starts the app, unless the user was logged-out by explicitly calling the logout function. You can choose to use Bayun's combined authentication & authorization mechanism as the primary auth for your app's users (e.g. for a brand new app, or for an existing app to replace the current auth) to keep things simple for yourself, and also provide a seamless passwordless auth experience to your users. Or alternatively, you can instead use Bayun's auth mechanism as a supplementary authentication (using additional security mechanisms on top of existing auth), or as a shadow authentication (using the same credentials as your own app), in conjunction with your app's primary authentication mechanism. If using it as supplementary or shadow authentication, make sure Bayun's register or login function is called only if, and after, your own app's authentication succeeds. Bayun relies on your own app's authentication to ensure correct password (in case of registerWithPassword) or email (in case of registerWithoutPassword e.g. with SSO) is used for a given (companyName, companyEmployeeId) combination, and the given user indeed has access to account with a specific companyName & companyEmployeeId at the time a user is registered with Bayun. The user is on-boarded onto the Bayun system after successful registration (which can optionally require explicit approval from an admin of a company or service-provider). Once a user has been on-boarded, the Bayun auth system requires use of the same password as your own app's authentication for all further login attempts if it is being used as shadow authentication (so make sure to call changePassword function appropriately in Bayun-SDK when-ever any user changes their app password for your app). If the Bayun system is being used as the primary or supplementary auth mechanism for the app, there is no need to keep any app-passwords in sync between the app and Bayun. [5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.1-register-with-password) [5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password) [5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password) [5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password) [5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.5-logout) [5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.6-change-password) [Previous4\. Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk) [Next5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.1-register-with-password) Last updated 1 year ago Was this helpful? --- # 1. Introduction | BayunCoreSDK JavaScript Programming Guide BayunCoreSDK provides a simple to use framework for locking/unlocking of different data-types, including files and text - for employees of a company, and/or general users, e.g. customers, contractors, or partners. Developers can integrate this framework into any application to start protecting the application data. This core SDK forms the basis for all security and control functionality provided by Bayun. In this guide you will find code and examples written in **JavaScript** for every task you'll need to implement to create an application using Bayun. You should be able to use the code provided as it is into your own apps with minimal changes. [Next2\. Quick Start Guide for Beginners](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/master-1) Last updated 1 year ago Was this helpful? --- # 2. Quick Start Guide for Beginners | BayunCoreSDK JavaScript Programming Guide For beginners, the quickest way to experience the magic of BayunCoreSDK is to create a simple app by going through the following steps: 1. As first step, get started with the overview video and the demo video available on Bayun’s website: [www.bayunsystems.com](http://www.bayunsystems.com/) 2. Register a developer account with Bayun, and create a new application by following instructions in [Getting Started](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started) section. Make sure to create a new application secret with all the 3 roles enabled, so that the same app-secret can be used everywhere in the app for easy testing. 3. Get the Bayun SDK from [github](https://github.com/bayunsystems/BayunSDK) , and integrate it into your project/application as per section [Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk) . Look at the code of [Hello World app](https://github.com/bayunsystems/BayunSDK/tree/master/JavaScript/Quick%20Start/Hello%20World) for simple ways to use different functions of Bayun SDK inside your own app in order to secure user data. 4. For user login, after going through the instructions in the [Authentication](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication) section, just use the **loginWithPassword** function listed under section [Login With Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password) , and make sure to set **autoCreateEmployee** parameter to True, leaving parameters **securityQuestionsCallback** and **passphraseCallback** to null. This will do away with the need to go through separate user registration flow altogether, as it will create the user account automatically if it doesn't already exist. It will also avoid having to understand the other login flow using **loginWithoutPassword** for now, which is more complicated and can be used later for advanced functionality. Do make sure that the actual passwords you use for creating any accounts are not lost, as there is no way to recover from a lost/forgotten password while using this function for user login! 5. After successful login, you can simply call **lock** and **unlock** methods listed under [BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations) for safe encryption of user data. For Encryption Policy, just use the policy **Employee**. It will ensure that none other than the user can access their data. Actually any policy other than Group policy is fairly simple to use. However use of Group policy requires more advanced functionality with separate Group Management described under the section [Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) , which can be skipped for now. 6. Optional: Join the [Bayun Developer Community Slack](https://join.slack.com/t/bayundevelope-do87454/shared_invite/zt-1z7x9wqpy-ttZ8rRCD7EzotiTzejke~Q) to get help and support from Bayun’s own team as well as from other developers using Bayun SDK. Once you have a simple test app working, you can explore more advanced functionality by going through the rest of the documentation, and slowly refining the app in different areas. For example you can use the **Group** Encryption policy with an arbitrary group that you can control the membership of (e.g. see the [Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) section). You can also try using **loginWithoutPassword** function for user login listed in section [Login without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password) (which does require separate user registration as per section [Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password) ), as it is designed to be used by humans (with optional Facial Recognition) and is also robust against lost/forgotten passwords, etc. For these advanced functions, you can look at example usage in the other test app(s) included in the github repository, like [BayunS3](https://github.com/bayunsystems/BayunSDK/tree/master/JavaScript/TestApp/BayunS3) . [Previous1\. Introduction](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide) [Next3\. Getting Started](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started) Last updated 1 year ago Was this helpful? --- # 3. Getting Started | BayunCoreSDK JavaScript Programming Guide [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started#id-3.1-register-as-developer) 3.1 Register as Developer -------------------------------------------------------------------------------------------------------------------------------------------------- Register with [Bayun Developer Program](https://www.digilockbox.com/admin/showRegisterEmail) as developer. Developer account facilitates the registration of applications with Bayun. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started#id-3.2-register-a-new-application) 3.2 Register a new Application ------------------------------------------------------------------------------------------------------------------------------------------------------------ To create an application on [Bayun Console](https://www.digilockbox.com/admin/developer/showCreateApplication) , you need to provide your Application name. Click on the "Create New Application" after providing your application name. ![](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/~gitbook/image?url=https%3A%2F%2F3430862823-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MHpfY_YP-BH_gMZj3FN%252Fuploads%252FhQIWudb7sbc6OqqpnWnc%252FCreateApp.png%3Falt%3Dmedia%26token%3Db86f6886-b9d5-4f19-af30-3af915ed307c&width=768&dpr=4&quality=100&sign=7983fc0c&sv=2) Create New Application We provide you with an **Application Id, Application Salt, Application Secret, Base URL and Bayun Server Public Key** when your app is registered with Bayun. The Application Id, Application Salt, Application Secret, Base URL and Bayun Server Public Key will be needed along with the other information when you login with Bayun's `Lockbox Management Server` to use Bayun features. These should be kept secure. You MUST register every new app with Bayun, and use a different Application Id and Application Secret for every app. Otherwise the data security of your apps will potentially be compromised, and the admin-panel functionality of different apps (used as a dashboard by enterprise admins for control and visibility) is also likely to get mixed-up. An `Application Id` uniquely identifies your app with Bayun across all platforms. ![](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/~gitbook/image?url=https%3A%2F%2F3430862823-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MHpfY_YP-BH_gMZj3FN%252Fuploads%252FSxjNIfAWzik9uADTqiit%252FApplicationsList.png%3Falt%3Dmedia%26token%3D0e5b020f-f9c5-468f-aa40-ecdbf9c0fff7&width=768&dpr=4&quality=100&sign=3c300541&sv=2) Application List The `Application Secret` can have different `Roles`. Role defines the privileges an app will have when using a particular secret. Following are the Application Secret Roles: **ACCESS**: Secret with this role is required by an application to connect to Bayun's Server for logging-in a user, and access user’s lockbox. The app needs to provide secret with this role to the Bayun SDK for being able to make any calls on behalf of the logged-in user. So it must be there for any app that users interact with (e.g. web app, or mobile app). It works only for an existing user registered on Bayun server, and does not allow creation of a new user or new company. It is recommended that it be used as the only role granted to secret of a client side app that does not require onboarding new users. **CREATION:** Secret with this role is required by an application to create new users and new companies on Bayun's server. The application needs to provide secret with this role to the Bayun SDK for being able to make any call that requires creation of new users (e.g. while using autoCreateEmployee in `loginEmployeeWithPassword` call for a user trying to log-in for the first time, or explicitly on-boarding a new user via register call who may or may not be trying to log-in). Since an app with this role is allowed to create new user identities, the key-pairs (privateKey and publicKey) for new users are generated under control of such an app. It can be used on either the client-side or server side application built by the developer. If used on the client-side (e.g. in a mobile-app), it is strongly recommended that the same secret not have the AUTHORIZATION role as well, and authorization for the user being on-boarded is done separately (preferably on the server side). This is to ensure that a rogue app can’t create spurious users using a stolen secret. **AUTHORIZATION:** Secret with this role is required by an application to authorize on-boarding of new users and new companies on Bayun's server. The application needs to provide a secret with this role to the Bayun SDK for being able to make any call that requires authorization of new users being created (e.g. while using autoCreateEmployee in `loginEmployeeWithPassword` call itself, or explicitly calling authorizeEmployee). Before authorizing a new user account for onboarding, the app must validate that the same user is first authenticated using its own mechanism, and indeed authorized to create an account on Bayun server. It is recommended that this be used on the server side application built by the developer. If used on the client-side (e.g. in a mobile-app) for testing/trial purposes, it is strongly recommended that this secret is kept secure inside the app, and not hard-coded in the app's code. Its best if it is fetched by the app from developer's server only after authenticating the user. If the app does not need to create new users (e.g. operating with existing users only, while new users are created elsewhere), then the app-secret for that app only needs the `ACCESS` role. If the application needs to allow creation of new users as well, besides allowing existing users to login, the recommended best practice is to create one secret with roles `ACCESS` and `CREATION` for use by this app on the client side. And a separate server-side app should then authorize creation of new users using an app-secret with the role `AUTHORIZATION`. This way the user key-pair is created on the client side with the server itself never getting access to the private key of the user even temporarily, and yet the server gets to ensure that the new user is indeed authorized to be created by the app to prevent a rogue app with stolen app secret from creating fake users. ![](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/~gitbook/image?url=https%3A%2F%2F3430862823-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MHpfY_YP-BH_gMZj3FN%252Fuploads%252FkaslkYk7fzyScLjxyBJa%252FAppSecrets.png%3Falt%3Dmedia%26token%3D0df665cb-8fdb-4a43-b422-979c10aec170&width=768&dpr=4&quality=100&sign=bc154ec8&sv=2) Application Secrets If you are a beginner, it is recommended that you create one Application Secret with all the 3 roles enabled for getting started quickly. You can use this single application secret for all operations while testing the app. But do refine it with multiple app-secrets appropriately, for better security, before deploying the app to production. ![](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/~gitbook/image?url=https%3A%2F%2F3430862823-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MHpfY_YP-BH_gMZj3FN%252Fuploads%252FMdTMUsvPlFhq8WL4Nn24%252Fsecrets.png%3Falt%3Dmedia%26token%3Dd707e723-ca71-416d-99ed-34e257ae10da&width=768&dpr=4&quality=100&sign=22d79108&sv=2) ![](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/~gitbook/image?url=https%3A%2F%2F3430862823-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MHpfY_YP-BH_gMZj3FN%252Fuploads%252FnvzgZXWpXn9dWkaSkxr9%252Fimage.png%3Falt%3Dmedia%26token%3Da489ed82-d1f9-4b00-99b1-365fac5e2aea&width=768&dpr=4&quality=100&sign=f9aeb585&sv=2) You can also edit the app Name in Bayun Console. [Previous2\. Quick Start Guide for Beginners](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/master-1) [Next4\. Integrate Bayun SDK](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk) Last updated 12 months ago Was this helpful? --- # 4. Integrate Bayun SDK | BayunCoreSDK JavaScript Programming Guide [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk#id-4.1-add-bayun-sdk-into-project) 4.1 **Add Bayun SDK into Project** ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1. Copy the bayun.js file in the project public folder. 2. Import bayun.js file into index.html JavaScript Copy <script src="bayun.js"></script> [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk#id-4.2-add-bayun-dependencies) **4.2 Add Bayun Dependencies** --------------------------------------------------------------------------------------------------------------------------------------------------------------- The following dependency is needed to use Facial Recognition for added protection at the time of login. 1. Copy the vishwam-lib.js and models directory in the project folder. 2. Import vishwam-lib.js file into index.html JavaScript Copy <script src="vishwam-lib.js"></script> [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk#id-4.3-initialize-bayuncore) **4.3 Initialize BayunCore** ----------------------------------------------------------------------------------------------------------------------------------------------------------- Get BayunCore instance with appId, appSecret, appSalt, localStorageMode, enableFaceRecognition. * **appId :** Provided when an app is registered with Bayun. * **appSecret :** Provided when an app is registered with Bayun. * **appSalt :** Provided when an app is registered with Bayun. * **localStorageMode :** It can be `SESSION_MODE` or `EXPLICIT_LOGOUT_MODE` * `**SESSION_MODE**` **:** User data is encrypted and stored locally in sessionstorage. User data gets cleared when the page session ends and user will have to login with Bayun again. * `**EXPLICIT_LOGOUT_MODE**` **:** User data is encrypted and stored locally in localstorage. User data is kept in localstorage until the user logs out. * **enableFaceRecognition** : Boolean variable to determine whether or not to enable Face ID registration for a new user as an extra security measure. This Face ID works independently of the device-specific biometric (if any) available on the user’s end-device, and works from any device with a camera (including laptops and Android phones that may not have the built-in Face ID functionality). If enabled at the time of BayunCore init, each user can still decide on their own at the time of account registration if they want to also register their Face ID. If so chosen by the user at the time of account registration, they will be prompted to validate their Face ID every time they login from a new device. Check [Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password) function for more details. * **baseURL :** Provided when an app is registered with Bayun. * **bayunServerPublicKey :** Provided when an app is registered with Bayun. JavaScript Copy const appId = "<appId>"; // provided on admin panel const appSecret = "<appSecret>"; // provided on admin panel const appSalt = "<appSalt>"; // provided on admin panel const localStorageMode = BayunCore.LocalDataStorageMode.EXPLICIT_LOGOUT_MODE; const enableFaceRecognition = true; const baseURL = "<baseURL>"; // provided on admin panel const bayunServerPublicKey = "<bayunServerPublicKey>"; // provided on admin panel const bayunCore = BayunCore.init(appId, appSecret, appSalt, localStorageMode, baseURL, bayunServerPublicKey, enableFaceRecognition); [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/4.-integrate-bayun-sdk#undefined-3) ------------------------------------------------------------------------------------------------------------- [Previous3\. Getting Started](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/getting-started) [Next5\. Authentication](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication) Last updated 10 months ago Was this helpful? --- # 5.1 Register with Password | BayunCoreSDK JavaScript Programming Guide The `registerEmployeeWithPassword` function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, for subsequent authentication requests from this app using the given password, and initializes this employee's access to Bayun. The function takes the following parameters : Let's say the user is registering an employee account with the app using their login-id of `username@bayunsystems.com`. * **sessionId** : Unique sessionId. You can provide a unique sessionId to the `registerEmployeeWithPassword` function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful registration response in `successCallback`. Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument. * **companyName** : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. `bayunsystems.com`. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. `username@customdomain.com` registering on a tenant with domain `bayunsystems.com` as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of “gmail.com”). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `username@bayunsystems.com`. While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above. * **password** : Password of the employee. Used to keep employee secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the employee only, or something unique generated from it, for keeping the employee lockboxes protected in such a way that nobody other than the employee has access to it (similar to how iPhone does it with user’s device PIN). * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful employee registration. * **failureCallback** : Failure block to be executed if employee registration fails, returns `BayunError`. First account of the Company registered with Bayun is the **Security Admin** account. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.1-register-with-password#sample-code) Sample Code JavaScript Copy const sessionId = "<sessionId>"; const companyName = "bayunsystems.com"; // company portion from loginId const companyEmployeeId = "username"; // username portion from loginId const password = "<employeePassword>"; const successCallback = data => { //Employee Registered Successfully //Login to continue. }; const failureCallback = error => { console.error(error); }; const authorizeEmployeeCallback = (data) => { if (data.sessionId) { if (data.authenticationResponse == BayunCore.AuthenticateResponse.AUTHORIZATION_PENDING) { // You can get employeePublicKey in data.employeePublicKey for it's authorization } } }; bayunCore.registerEmployeeWithPassword( sessionId companyName, companyEmployeeId, password, authorizeEmployeeCallback, successCallback, failureCallback ); [Previous5\. Authentication](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication) [Next5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password) Last updated 1 year ago Was this helpful? --- # 5.5 Logout | BayunCoreSDK JavaScript Programming Guide To logout user, use `logout` function. This function can be used at the time of logging out of app. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. JavaScript Copy const sessionId = "<sessionId>"; bayunCore.logout(sessionId); [Previous5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password) [Next5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.6-change-password) Last updated 1 year ago Was this helpful? --- # 5.2 Register without Password | BayunCoreSDK JavaScript Programming Guide The `registerEmployeeWithoutPassword` function creates a new employee on Bayun's system with supplied (companyName, companyEmployeeId) combination, and links it to Bayun user account with userId matching the supplied email address (creating one if necessary). All subsequent authentication requests for this employee will require user-credentials matching the supplied security questionsAnswers (or passphrase if set). The function takes the following parameters : Let's say the user is registering an account with the app using their login-id of `username@bayunsystems.com`. * **sessionId** : Unique sessionId. You can provide a unique sessionId to the `registerEmployeeWithoutPassword` function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful registration response in `successCallback`. Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument. * **companyName** : Unique name of the company/tenant the registering employee belongs to, preferably in domain-name format for consistency, e.g. `bayunsystems.com`. This assumes that the user is getting access to the corresponding enterprise tenant with the same domain-name managed by their employer. In some cases the email domain of the user could be different from the domain of the tenant this user belongs to e.g. `username@customdomain.com` registering on a tenant with domain `bayunsystems.com` as a contractor, or on a generic tenant for individual accounts in a consumer use-case (e.g. tenant domain of `gmail.com`). In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. Alternatively you can also choose to pass app's own internal companyId/tenantId for the registering employee as a parameter. * **companyEmployeeId** : EmployeeId unique within the company. E.g. `username@bayunsystems.com` While just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency (especially considering that full loginId has to be anyway used for a contractor or consumer use-case). Alternatively you can also choose to pass app's own internal employeeId that is unique within the specific companyName that was used above. * **email** : Bayun userId for the new user being registered, in the form of User Principal Name (UPN) represented as an email address e.g. `username@bayunsystems.com`. For a consumer use-case, it can be the email address provided by the user themselves, or one provided/generated by the app. If no email address is available, the app can choose to construct a dummy email by concatenating the user's companyName and companyEmployeeId, e.g. <companyEmployeeId>@<companyName>.dummy-email. This email is not needed for subsequent login requests from the registered employee (as combination of companyName and companyEmployeeId uniquely identify the employee), but the credentials associated with the corresponding userId/email (e.g. security answers) will always be used for authorizing this employee from a new device. * **isCompanyOwnedEmail :** Whether the user email is an enterprise email address owned and controlled by the companyName provided above. Relevant only for enterprise apps that typically allow employees of a company to login via SSO (in such cases, the email and companyEmployeeId will be the same as user’s corporate email-address, and the domain-name of these will also match the domain of the tenant provided as companyName). It should otherwise be set to false by default. If it's a company-owned enterprise email address, then we know that the company owns it, and it can be deleted or reclaimed by the company for potential reassignment to another employee as desired. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **newUserCredentialsCallback** : Most developers can just leave it null for default functionality. It is used to set Security Questions & Answers for a new user being created, as well as an optional Passphrase, and also optionally choose whether to register FaceID for the user or not. By default, the SDK uses AlertView to take User’s input to set Security Questions & Answers, Passphrase and registerFaceID. Using a non-null callback function here, the developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user input for security questions & answers, passphrase and registerFaceID and call setNewUserCredentials function in the SDK. The callback is triggered to take these inputs for a new user being registered on Bayun. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers to Security Questions from an existing Bayun User. By default, the SDK uses AlertView to take User’s input for the answers to Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user answers to the security questions as an input and call validateSecurityQuestions API method in the SDK. The Security Questions and QuestionIds are returned through data of the callback, in the form of an ArrayList of HashMap with key "securityQuestions". * **passphraseCallback** : Optional block that is called only if passphrase is enabled for an existing Bayun User. Most developers can just leave it null for default functionality. By default, the SDK uses AlertView to take user input for passphrase if it is enabled for the user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default alert-view. If non-null, this block will need to take user passphrase as input and call validatePassphrase API method in the SDK for Passphrase validation. * **successCallback** : Success block to be executed after successful user registration. * **failureCallback** : Failure block to be executed if user registration fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password#set-new-user-credentials) Set New User Credentials The `setNewUserCredentials` function takes the following parameters : * **sessionId** : Unique SessionId which is received in the `registerEmployeeWithoutPassword` function response. * **securityQuestionsAnswers** : User is required to provide five Security Questions and their Answers. Questions Answers are in the form of an ArrayList of Object. The developer can either offer a list of Security Questions from their own question-bank to make choosing easier for the user, or they can let each user craft their own questions along-with the answers. Bayun just needs any five questions or prompts for the user to provide their respective answers, which will be cryptographically intermingled together into a single complex key to ensure that independent guessing of any specific answer can’t cause any harm. * **passphrase** : Optional Passphrase provided by the User at the time of account creation. The developer can either set it to null by default, in which case the user will need to use Security Answers for login from a new device. Or alternatively the developer can let the user choose whether to set a passphrase or not, and supply the passphrase if chosen. * **registerFaceId :** Boolean variable to determine whether or not Face ID for this user should be registered for extra security. The developer can make this choice for the user, or let the user themselves choose whether they want to use facial recognition for extra protection. Note that this user choice will be considered only if BayunCore was initialized with enableFaceRecognition enabled. In case enableFaceRecognition was set to FALSE at the time of BayunCore init, this user choice here will be ignored. If this is enabled and user Face ID is registered, all subsequent login requests by this user on a new device will require facial recognition check, in addition to standard validation through security answers. Note that the Facial Recognition model generated for user’s face during registration is itself kept encrypted on the server using a user-specific encryption-key coming from their own lockbox (and protected with a key generated from their own security answers). So there is no danger of these FR-models getting leaked in case of a server-side breach, or possibility of misuse by a malicious admin. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after security questions and answers are set successfully. * **failureCallback** : Failure block to be executed if security questions and answers could not be set, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **answers** : Security questions' answers of type `List`. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **passphrase** : Passphrase to validate. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. First account of the Company registered with Bayun is the **Security Admin** account. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password#sample-code) Sample Code JavaScript Copy const sessionId = "<sessionId>"; const companyName = "bayunsystems.com"; // company portion from loginId const companyEmployeeId = "username"; //username portion from loginId const email = "username@bayunsystems.com"; //loginId const isCompanyOwnedEmail = true; const authorizeEmployeeCallback = (data) => { if (data.sessionId) { if (data.authenticationResponse == BayunCore.AuthenticateResponse.AUTHORIZATION_PENDING) { // You can get employeePublicKey in data.employeePublicKey for it's authorization } } }; const newUserCredentialsCallback = (data) =>{ if (data.sessionId){ const authorizeEmployeeCallback = (data) => { if (data.sessionId) { if (data.authenticationResponse == BayunCore.AuthenticateResponse.AUTHORIZATION_PENDING) { // You can get employeePublicKey in data.employeePublicKey for it's authorization } } }; const successCallback = data => { //Employee Registered Successfully //Login to continue. }; const failureCallback = error => { console.error(error); }; //Take User Input for Security Questions and Answers //Here securityQuestionsAnswers object is created just for reference var securityQuestionsAnswers=[]; securityQuestionsAnswers.push({question: "<question1>", answer: "<answer1>"}); securityQuestionsAnswers.push({question: "<question2>", answer: "<answer2>"}); securityQuestionsAnswers.push({question: "<question3>", answer: "<answer3>"}); securityQuestionsAnswers.push({question: "<question4>", answer: "<answer4>"}); securityQuestionsAnswers.push({question: "<question5>", answer: "<answer5>"}); // Take User Input for optional passphrase const passphrase="<passphrase>"; // Take user Input for optional registerFaceId const registerFaceId=true; bayunCore.setNewUserCredentials(data.sessionId, securityQuestionsAnswers, passphrase, registerFaceId, authorizeEmployeeCallback, successCallback, failureCallback); } } } const securityQuestionsCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_SECURITY_QUESTIONS){ let securityQuestionsArray = data.securityQuestions; //securityQuestionsArray is a list of Security Question Objects with questionId, questionText // Iterate through securityQuestionsArray securityQuestionsArray.forEach(val=>{ console.log(val.questionId); console.log(val.questionText); }); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. //Here answers object is created just for reference var answers=[]; answers.push({questionId: "<questionId1>", answer: "<answer1>"}); answers.push({questionId: "<questionId2>", answer: "<answer2>"}); answers.push({questionId: "<questionId3>", answer: "<answer3>"}); answers.push({questionId: "<questionId4>", answer: "<answer4>"}); answers.push({questionId: "<questionId5>", answer: "<answer5>"}); const successCallback = data => { //Security Questions' Answers validated and registered employee successfully. //Login to continue. }; const failureCallback = error => { console.error(error); }; bayunCore.validateSecurityQuestions(data.sessionId, answers, authorizeEmployeeCallback, successCallback, failureCallback); } } }; const passphraseCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_PASSPHRASE){ //Show custom UI to take user input for the passphrase. const passphrase="<passphrase>"; const successCallback = data => { //Passphrase validated and Employee is registered successfully. //Login to continue. }; const failureCallback = error => { console.error(error); }; //Call validatePassphrase function with the user provided passphrase. bayunCore.validatePassphrase(data.sessionId, passphrase, authorizeEmployeeCallback, successCallback, failureCallback); } } }; const successCallback = data => { //Employee Registered Successfully //Login to continue. }; const failureCallback = error => { console.error(error); }; bayunCore.registerEmployeeWithoutPassword( sessionId, companyName, companyEmployeeId, email, isCompanyOwnedEmail, authorizeEmployeeCallback, newUserCredentialsCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback ); [Previous5.1 Register with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.1-register-with-password) [Next5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password) Last updated 1 year ago Was this helpful? --- # 5.6 Change Password | BayunCoreSDK JavaScript Programming Guide To change password for a user on Bayun, use `changePassword` function. The function takes the following parameters * **sessionId** : Unique SessionId which is received in the login/registration function response. * **currentPassword** : Current Password. * **newPassword** : New Password. * **successCallback** : Success block to be executed after successful password change. * **failureCallback** : Failure block to be executed if password change fails, returns `BayunError`. JavaScript Copy const successCallback = data => { //Password Changed Successfully }; const failureCallback = error => { console.error(error); }; bayunCore.ChangePassword( sessionId, "<currentPassword>", "<newPassword>", successCallback, failureCallback ) [Previous5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.5-logout) [Next6\. BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations) Last updated 1 year ago Was this helpful? --- # 8. Bayun Errors | BayunCoreSDK JavaScript Programming Guide Following are the errors thrown by the Bayun SDK, along with a description for each error. * **BayunErrorAccessDenied** - If user access is denied(authentication token expires) or if user does not have right to perform certain operation, library returns BayunErrorAccessDenied. * **BayunErrorEncryptionFailed** - If encryption fails, library returns BayunErrorEncryptionFailed. * **BayunErrorDecryptionFailed** - If decryption fails, library returns BayunErrorDecryptionFailed. * **BayunErrorInvalidPassphrase** - If passphrase is invalid, library returns BayunErrorInvalidPassphrase. * **BayunErrorInvalidPassword** - If password is invalid, library returns BayunErrorInvalidPassword. * **BayunErrorPassphraseCannotBeNull** - If passphrase for validation is null, library returns BayunErrorPassphraseCannotBeNull. * **BayunErrorInvalidCredentials** - If credentials are invalid, library returns BayunErrorInvalidCredentials. * **BayunErrorCredentialsCannotBeNull** - If credentials for authentication are null, library returns BayunErrorCredentialsCannotBeNull. * **BayunErrorUserInActive** - If employee Status is Inactive, library returns BayunErrorUserInActive. * **BayunErrorAppNotLinked** - If app is not linked with Employee Account, library returns BayunErrorAppNotLinked. * **BayunErrorInvalidAppId** - If app id is invalid, library returns BayunErrorInvalidAppId. * **BayunErrorCompanyNameCannotBeNull** - If CompanyName is null, library returns BayunErrorCompanyNameCannotBeNull. * **BayunErrorInvalidCompanyName** - If company name is invalid, library returns BayunErrorInvalidCompanyName. * **BayunErrorCompanyEmployeeIdCannotBeNull** - If CompanyEmployeeId is null, library returns BayunErrorCompanyEmployeeIdCannotBeNull. * **BayunErrorGroupIdCannotBeNull** - If GroupId is null, library returns BayunErrorGroupIdCannotBeNull. * **BayunErrorEmployeeDoesNotExist** - If the employee does not exists, library returns BayunErrorEmployeeDoesNotExist. * **BayunErrorGroupDoesNotExistsForGroupId** - If groupId does not exists for GroupId, library returns BayunErrorGroupDoesNotExistsForGroupId. * **BayunErrorGroupDoesNotExistForGroupId** - If employee does not belong to Group, library returns BayunErrorGroupDoesNotExistForGroupId. * **BayunErrorMemberAlreadyExistsInGroup** - If member already exists in the Group, library returns BayunErrorMemberAlreadyExistsInGroup. * **BayunErrorCannotJoinPrivateGroup** - If member tries to join private in the Group, library returns BayunErrorCannotJoinPrivateGroup. * **BayunGroupTypeCannotBeNull** - If no group type is specified when creating a new group, library returns BayunGroupTypeCannotBeNull. * **BayunErrorAtleastThreeAnswersRequired** - If user answers less than Three security questions, library returns BayunErrorAtleastThreeAnswersRequired. * **BayunErrorIncorrectAnswers** - If user has provided wrong answers for more than Two out of Five security questions, library returns BayunErrorIncorrectAnswers. * **BayunErrorEmployeeDoesNotExistsInGivenCompany** - If autoCreateEmployee is disabled and the entered employee doesn't exist, SDK returns BayunErrorEmployeeDoesNotExistsInGivenCompany. * **BayunErrorCompanyDoesNotExist** - If autoCreateEmployee is disabled and the provided company doesn't exist, SDK returns BayunErrorCompanyDoesNotExist. * **BayunErrorInvalidAppSecret** - If the app secret provided is invalid, the SDK returns BayunErrorInvalidAppSecret. * **BayunErrorEmployeeVerificationFailed** - If the verification fails for any of the keys of the employee, the SDK returns BayunErrorEmployeeVerificationFailed. * **BayunErrorGroupDecryptionFailed** - If the decryption fails for any component of the group, the SDK returns BayunErrorGroupDecryptionFailed. * **BayunErrorUserIsNotRegistered** \- If user is not registered and login is attempted. * **BayunErrorEmployeeAppNotRegistered** \- If an employeeApp is not registered. * **BayunErrorLinkUserEmployeeOnAdmin** \- User and employee exist, Login on admin panel with user to link user and employee. * **BayunErrorIncorrectSecret** \- Incorrect secret for face model. * **BayunErrorRoomDoesNotExist** \- If room does not exist. * **BayunErrorEmployeeAlreadyExists** \- If employee already exist. * **BayunErrorUserAlreadyExists** \- If the developer tries to register a user that already exists, SDK returns BayunErrorUserAlreadyExists. * **BayunErrorIncompleteSecurityQuestions** \- If the developer provides incomplete data for set security question, the SDK returns BayunErrorIncompleteSecurityQuestions. * **BayunErrorGroupDecryptionFailed** \- If the decryption fails for any component of the group, the SDK returns BayunErrorGroupDecryptionFailed. * **BayunErrorSomethingWentWrong** - If error is unknown, library returns BayunErrorSomethingWentWrong. * **BayunErrorAuthenticationFailed** - If user authentication fails, library returns BayunErrorAuthenticationFailed. * **BayunErrorEmployeesDoesNotExist** - If the employee does not exists, library returns BayunErrorEmployeesDoesNotExist. * **BayunErrorReauthenticationNeeded** - If it's needed for the user to be authenticated again, library returns BayunErrorReauthenticationNeeded. * **BayunErrorUserPasswordVerificationEnabled** - If the user being used to register a new employee has password verification enabled, SDK returns BayunErrorUserPasswordVerificationEnabled. * **BayunErrorPasswordCannotBeNull** - If password is null then SDK ruturns BayunErrorPasswordCannotBeNull. * **BayunErrorEmployeeAuthorizationIsPending** - If employee authorization is pending then SDK returns BayunErrorEmployeeAuthorizationIsPending. * **BayunErrorGroupKeySignatureCouldNotBeGenerated** - If group key signature could not be generated then SDK returns BayunErrorGroupKeySignatureCouldNotBeGenerated. * **BayunErrorGroupPrivateKeySignatureCouldNotBeGenerated** - If group private key signature could not be generated then SDK returns BayunErrorGroupPrivateKeySignatureCouldNotBeGenerated. * **BayunErrorNoGroupMembers** - If no members found in the addMembersToGroup function then SDK returns BayunErrorNoGroupMembers. [Previous7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/delete-group) Last updated 3 years ago Was this helpful? --- # 5.4 Login without Password | BayunCoreSDK JavaScript Programming Guide The `loginWithoutPassword` function is the instance function that initialises your access to Bayun. The function takes the following parameters : Let's say the user is logging-in using their login-id of `username@bayunsystems.com`. * **sessionId** : Unique sessionId. You can provide a unique sessionId to the `loginWithoutPassword` function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful authentication response in `successCallback`. Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument. * **companyName** : Unique name of the company/tenant the authenticating employee belongs to, e.g. `bayunsystems.com`. This should be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithoutPassword`. Note that in some cases the email domain of the user could be different from the domain of the tenant this user belongs to. In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `username@bayunsystems.com`. This should also be chosen using exactly the same methodology that was used during user registration via registerEmployeeWithoutPassword. Note that while just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers of Security Questions from the User. By default, the SDK uses AlertView to take User’s input for the answers of the Security Questions. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user answers to the security questions as an input and call validateSecurityQuestions API method in the SDK. The Security Questions and QuestionIds are returned through data of the callback, in the form of an ArrayList of HashMap with key "securityQuestions". * **passphraseCallback** : Optional block if passphrase is enabled. Most developers can just leave it null for default functionality. It is used for taking user passphrase input when passphrase is explicitly enabled by the user. By default, the SDK uses AlertView to take user input for passphrase if it is enabled for a user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default alert-view. If non-null, this block will need to take user passphrase as input and call Bayun validatePassphrase method for Passphrase validation. * **successCallback** : Success block to be executed after successful user login. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **answers** : Security questions' answers of type `List`. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **passphrase** : Passphrase to validate. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user authentication fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password#sample-code) Sample Code JavaScript Copy const sessionId = "<sessionId>"; const companyName = "bayunsystems.com"; // company portion from loginId const companyEmployeeId = "username"; // username portion from loginId const securityQuestionsCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_SECURITY_QUESTIONS){ let securityQuestionsArray = data.securityQuestions; //securityQuestionsArray is a list of Security Question Objects with questionId, questionText // Iterate through securityQuestionsArray securityQuestionsArray.forEach(val=>{ console.log(val.questionId); console.log(val.questionText); }); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. //Here answers object is created just for reference var answers=[]; answers.push({questionId: "<questionId1>", answer: "<answer1>"}); answers.push({questionId: "<questionId2>", answer: "<answer2>"}); answers.push({questionId: "<questionId3>", answer: "<answer3>"}); answers.push({questionId: "<questionId4>", answer: "<answer4>"}); answers.push({questionId: "<questionId5>", answer: "<answer5>"}); const successCallback = data => { if (data.sessionId) { //Security Questions' Answers validated and LoggedIn Successfully }}; const failureCallback = error => { console.error(error); }; bayunCore.validateSecurityQuestions(data.sessionId, answers, null, successCallback, failureCallback); } } }; const passphraseCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_PASSPHRASE){ //Show custom UI to take user input for the passphrase. //Call validatePassphrase function with the user provided passphrase. const successCallback = data => { if (data.sessionId) { //Passphrase validated and LoggedIn Successfully }}; const failureCallback = error => { console.error(error); }; bayunCore.validatePassphrase(data.sessionId, "<passphrase>", null, successCallback, failureCallback); } } }; const successCallback = data => { if (data.sessionId) { //LoggedIn Successfully } }; const failureCallback = error => { console.error(error); }; bayunCore.loginWithoutPassword( sessionId, companyName, companyEmployeeId, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback ); [Previous5.3 Login with Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password) [Next5.5 Logout](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.5-logout) Last updated 1 year ago Was this helpful? --- # 5.3 Login with Password | BayunCoreSDK JavaScript Programming Guide The `loginWithPassword` function is the instance function that initialises your access to Bayun. The function takes the following parameters : Let's say the user is logging-in using their login-id of `username@bayunsystems.com`. * **sessionId** : Unique sessionId. You can provide a unique sessionId to the `loginWithPassword` function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful authentication response in `successCallback`. Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument. * **companyName** : Unique name of the company/tenant the authenticating employee belongs to, e.g. `bayunsystems.com`. This should be chosen using exactly the same methodology that was used during user registration via `registerEmployeeWithPassword`. Note that in some cases the email domain of the user could be different from the domain of the tenant this user belongs to. In such a case, the domain-name part of the tenant is what should be used as the companyName parameter. * **companyEmployeeId** : EmployeeId unique within the company, e.g. `username@bayunsystems.com`. This should also be chosen using exactly the same methodology that was used during user registration via registerEmployeeWithPassword. Note that while just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency. * **password** : Password of the user. Used to keep user secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the user only, or something unique generated from it, for keeping the user lockboxes protected in such a way that nobody other than the user has access to it (similar to how iPhone does it with user’s device PIN). * **autoCreateEmployee** : Determines whether or not an employee should be created automatically on Bayun’s system if it does not already exist within the given company. If set to true, an attempt is made to authenticate against an existing employee account first, but if there is no such employee within the given company, a new one is created instead with the supplied credentials. This provides an easy integration option for the developer to use a single login call in an existing application for the simpler use-cases, rather than having to integrate separately with more involved registration & authorization flow along-with the separate login flow. Use this feature only when Bayun’s auth mechanism is being used as shadow auth for your app’s own authentication, using the same user password. And make sure the user has already been successfully authenticated to your own app’s authentication mechanism, before calling Bayun’s loginWithPassword function with autoCreateEmployee set to true. * **authorizeEmployeeCallback :** Block to be executed if employee public key authorization is pending, returns employeePublicKey. * **securityQuestionsCallback** : Most developers can just leave it null for default functionality. It is used for taking answers of Security Questions from the User when extra security with two-factor authorization is enabled. By default, the SDK uses AlertView to take User’s input for the answers of the Security Questions, if two-factor authorization is enabled for the user trying to authenticate. The developer can optionally provide a custom UI block for taking User’s input, to match with the look-and-feel of the app, instead of relying on the default alert-view. If non-null, this block will need to take user answers to the security questions as an input and call validateSecurityQuestions API method in the SDK. The callback is triggered when two-factor authorization is enabled for the user authenticating with Bayun. The Security Questions and QuestionIds are returned through data of the callback, in the form of an ArrayList of HashMap with key "securityQuestions". * **passphraseCallback** : Optional block if passphrase is enabled. Most developers can just leave it null for default functionality. It is used for taking user passphrase input for extra security when passphrase is explicitly enabled by the user. By default, the SDK uses AlertView to take user input for passphrase if it is enabled for a user. However the developer can optionally provide a custom UI block to match with the look-and-feel of the app instead of relying on the default alert-view. If non-null, this block will need to take user passphrase as input and call Bayun validatePassphrase method for Passphrase validation. * **successCallback** : Success block to be executed after successful employee login. * **failureCallback** : Failure block to be executed if employee login fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password#validate-security-questions) Validate Security Questions Use `**validateSecurityQuestions**` function to validate the security questions' answers. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **answers** : Security questions' answers of type `List`. * **successCallback** : Success block to be executed after successful Security Questions' Answers validation. * **failureCallback** : Failure block to be executed if user Security Questions' Answers validation fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password#validate-passphrase) Validate Passphrase Use `**validatePassphrase**` function to validate the passphrase. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **passphrase** : Passphrase to validate. * **successCallback** : Success block to be executed after successful user passphrase validation. * **failureCallback** : Failure block to be executed if user passphrase validation fails, returns `BayunError`. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.3-login-with-password#sample-code) Sample Code JavaScript Copy const sessionId = "<sessionId>"; const companyName = "bayunsystems.com"; // company portion from loginId const companyEmployeeId = "username"; // username portion from loginId const password = "<employeePassword>"; const autoCreateEmployee = true; //Boolean value const securityQuestionsCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_SECURITY_QUESTIONS){ let securityQuestionsArray = data.securityQuestions; // securityQuestionsArray is a list of Security Question Objects with questionId, questionText // Iterate through securityQuestionsArray securityQuestionsArray.forEach(val=>{ console.log(val.questionId); console.log(val.questionText); }); //Show custom UI to take user input for the answers. //Call validateSecurityQuestions function with the user provided answers. //Here answers object is created just for reference var answers=[]; answers.push({questionId: "<questionId1>", answer: "<answer1>"}); answers.push({questionId: "<questionId2>", answer: "<answer2>"}); answers.push({questionId: "<questionId3>", answer: "<answer3>"}); answers.push({questionId: "<questionId4>", answer: "<answer4>"}); answers.push({questionId: "<questionId5>", answer: "<answer5>"}); const successCallback = data => { if (data.sessionId) { //Security Questions' Answers validated and LoggedIn Successfully }}; const failureCallback = error => { console.error(error); }; bayunCore.validateSecurityQuestions(data.sessionId, answers, null, successCallback, failureCallback); } } }; const passphraseCallback = data => { if (data.sessionId) { if(data.authenticationResponse == BayunCore.AuthenticateResponse.VERIFY_PASSPHRASE){ //Show custom UI to take user input for the passphrase. //Call validatePassphrase function with the user provided passphrase. const successCallback = data => { if (data.sessionId) { //Passphrase validated and LoggedIn Successfully }}; const failureCallback = error => { console.error(error); }; bayunCore.validatePassphrase(data.sessionId, "<passphrase>", null, successCallback, failureCallback); } } }; const successCallback = data => { if (data.sessionId) { //LoggedIn Successfully } }; const failureCallback = error => { console.error(error); }; bayunCore.loginWithPassword( sessionId, companyName, companyEmployeeId, password, autoCreateEmployee, authorizeEmployeeCallback, securityQuestionsCallback, passphraseCallback, successCallback, failureCallback ); [Previous5.2 Register without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.2-register-without-password) [Next5.4 Login without Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.4-login-without-password) Last updated 1 year ago Was this helpful? --- # 6. BayunCoreSDK Operations | BayunCoreSDK JavaScript Programming Guide The `BayunCore` class contains public function to get the Locking Key. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) Encryption Policy --------------------------------------------------------------------------------------------------------------------------------------- Use of encryption-policy, as optional argument in lock function, allows the developer to bind a specific access-policy to the data being locked. The Bayun SDK will automatically choose the right encryption-keys (creating new ones as necessary), in conjunction with the Bayun Lockbox Management Server, and putting these keys in a hierarchy of lockboxes, such that the applied policy is enforceable on the locked data irrespective of any software (potentially hacked) being used to access the data. If no policy is explicitly specified by the developer at the time of locking the data, the default policy dictated by the server is used as specified in the admin-panel settings for that company and user. The actual policy applied to the data is a combination of the encryption-policy specified in lock function and the policy dictated by the server based on settings. The developer-specified policy passed as argument to the lock function in the code always takes precedence over the default policy specified by the server. It is expected that the developer can choose the right access policy based on the business-logic of the application and context of the data being locked. Otherwise it is okay to leave the policy to DEFAULT in code here, and let the admin define de-facto rules to apply for each user and/or company. `**NONE**` : No encryption is performed. The lock function acts as a simple passthrough for data. But all accounting on data-access patterns is still performed for reporting in the admin-panel, so that complete visibility into all lock/unlock operations is still maintained. `**DEFAULT**` : Locking/unlocking is performed according to the policy dictated by the server based on admin-panel settings. `**COMPANY**` : Locking/unlocking is performed using company key i.e the enterprise encryption key. Every employee of the same company will have access to this enterprise encryption key in their lockbox, and so will technically be able to access this data. `**EMPLOYEE**`: Locking/unlocking is performed using individual employee key. Nobody other than the user herself has access to this encryption-key, and so nobody else will be able to access this data. `**GROUP**` : Locking/unlocking is performed using group key. A groupId has to be specified while using this policy. Only members of the specified group will be able to access this data (see the [Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) section in this Guide for details). `**GROUP_ASYMMETRIC**` : Locking/unlocking is performed using group key by asymmetric encryption standards. A groupId has to be specified while using this policy. Only members of the specified group will be able to access this data (see the [Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) section in this Guide for details). [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) Key Generation Policy ----------------------------------------------------------------------------------------------------------------------------------------------- Use of key generation policy, as optional argument in lock function, allows the developer to determine the policy to generate Encryption Key for the data being locked. If no policy is explicitly specified by the developer at the time of locking the data, the default policy dictated by the server is used as specified in the admin-panel settings for that company and user. The developer-specified policy passed as argument to the lock function in the code always takes precedence over the default policy specified by the server. Unless the developer has a specific reason to use a particular policy for key generation to encrypt any particular piece of data, it is best to leave this to default so that the admin can choose the right policy in most cases. `**DEFAULT**` : Encryption of every data object is done with the key generated according to the key generation policy dictated by the server based on admin-panel settings. `**STATIC**` **:** Encryption of every data object is done with same key, that is derived from the Base Key. The Base Key is determined by the Policy tied to the object being locked (e.g. CompanyKey, EmployeeKey, GroupKey). `**ENVELOPE**` **:** Every data object is encrypted with its own unique key that is randomly generated. The random key itself is kept encrypted with a key derived from the Base Key. `**CHAIN**` **:** Every data object is encrypted with its own unique key, that is derived from the Base Key using a multi-dimensional chaining mechanism. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#operations) Operations ------------------------------------------------------------------------------------------------------------------------- Here is the list of operations that can be performed using BayunCoreSDK: [6.1 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text) [6.2 Lock/Unlock File Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data) [6.3 Lock/Unlock Binary Data](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data) [6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/get-locking-key) [Previous5.6 Change Password](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/3-authentication/5.6-change-password) [Next6.1 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text) Last updated 1 year ago Was this helpful? --- # 7. Groups | BayunCoreSDK JavaScript Programming Guide BayunSDK provides public APIs for secure group-based data-access and basic group-management. Every group has its own secret-key that is unique for the group, and is accessible only to the members of that group. This shared group-key is used to encrypt the messages that are locked with encryption-policy of group, and also authenticate members, and control access to group resources. Since nobody other than group-members have access to the group's secret-key, only those belonging to the group will be able to access data encrypted with group-policy tied to that specific groupId. Note that the main purpose of Groups functionality in Bayun framework is to enable enforcement of arbitrary data-access policies that are cryptographically tied to the data, and without burdening the developer with the headaches of key-management for the same. The framework provides only basic group-management functions for creating, modifying, and deleting a group in such a way that the developer can optionally create stricter access-control mechanisms for group-management if so desired, depending on the use-case at hand. For example, the Bayun framework treats every existing member of the group equally for group-management privileges, including the ability to add/remove other members, or delete the group. The developer can always build, or enforce, finer-grained group-management functionality on top of this, e.g. by introducing the notion of group-owner or group-admins with privileged access-rights etc. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups#group-types) Group Types ---------------------------------------------------------------------------------------------------------- Group type is defined when creating a new group. GroupType is an enum type and has following values: `**PUBLIC**` : The group is public to the organization. Any employee of the organization can join this group, and hence get access to the shared group-key. The group's secret-key is kept encrypted in every member's own lockbox as well as kept encrypted with company's own secret-key, so that nobody outside the company can get access to it. An existing member, who already has access to the group-key, can add any other members to the group (even those outside the company). `**PRIVATE**` : The group is private and accessible only to the existing members of the group. The group's secret-key is kept encrypted in every member's own lockbox only. An existing member can add anyone else to the member-list of the group, irrespective of whether they belong to the same company or not. [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups#group-apis) Group APIs -------------------------------------------------------------------------------------------------------- [7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/create-group) [7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-my-groups) [7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-unjoined-public-groups) [7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/join-public-group) [7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-group-by-id) [7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-member) [7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-members) [7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/remove-group-member) [7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.9-remove-group-members) [7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.10-remove-group-members-except-list) [7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/leave-group) [7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/delete-group) [Previous6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/get-locking-key) [Next7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/create-group) Last updated 1 year ago Was this helpful? --- # 7.2 Get My Groups | BayunCoreSDK JavaScript Programming Guide The `getMyGroups` function returns all the groups, both public and private, the user is a member of. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. JavaScript Copy bayunCore.getMyGroups("<sessionId>") .then(result => { console.log("Response received for getMyGroups."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.1 Create Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/create-group) [Next7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-unjoined-public-groups) Last updated 1 year ago Was this helpful? --- # 7.4 Join Public Group | BayunCoreSDK JavaScript Programming Guide The `joinPublicGroup` function is used to join any public group of the organisation. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : Group Id of the Public Group. JavaScript Copy bayunCore.joinPublicGroup("<sessionId>", "<groupId>") .then(result => { console.log("Response received for joinPublicGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.3 Get Unjoined Public Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-unjoined-public-groups) [Next7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-group-by-id) Last updated 1 year ago Was this helpful? --- # 6.3 Lock/Unlock Binary Data | BayunCoreSDK JavaScript Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data#id-6.3.1-lock-data) 6.3.1 Lock Data The `lockData` method of `BayunCore` class locks byteArray with default [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) and [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) dictated by server settings. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **data** : Byte array to be locked. JavaScript Copy var data = [104,101,108,108,111]; // sample byte array var lockedData = await bayunCore.lockData("<sessionId>", data); ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data#id-6.3.2-lock-data-with-encryption-policy-key-generation-policy) **6.3.2 Lock Data** with Encryption Policy, Key Generation Policy The `lockData` method with encryption policy, key generation policy as parameters locks data with the encryption key dictated by the policy. * **sessionId** : Unique SessionId which is received in the login/registration function response. * **data** : Byte array to be locked. * **encryptionPolicy** : [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) determines the key to be used to generate the lockingKey. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) determines the policy to generate the lockingKey. * **groupId** : GroupId is required if encryptionPolicy is `GROUP.` If encryptionPolicy is other than `GROUP` then groupId should be an empty string. JavaScript Copy const encryptionPolicy = BayunCore.EncryptionPolicy.GROUP; const keyGenerationPolicy = BayunCore.KeyGenerationPolicy.ENVELOPE; const data = [104,101,108,108,111]; // sample byte array var lockedData = await bayunCore.lockData("<sessionId>", data, encryptionPolicy, keyGenerationPolicy, "<groupId>"); ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data#id-6.3.3-unlock-data) 6.3.3 Unlock Data The `unlockData` method of `BayunCore` class unlocks generic data of type byteArray. * **sessionId** : Unique SessionId which is received in the login/registration function response. * **lockedData** : Data to be unlocked. JavaScript Copy var unlockedData = await bayunCore.unlockData("<sessionId>", "<lockedData>"); [Previous6.2 Lock/Unlock File Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data) [Next6.4 Get Locking Key](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/get-locking-key) Last updated 1 year ago Was this helpful? --- # 6.1 Lock/Unlock Text | BayunCoreSDK JavaScript Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text#id-6.1.1-lock-text) 6.1.1 Lock Text The `lockText` function locks text with default [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) and [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) dictated by company settings. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **plainText** : Text to be locked. JavaScript Copy var lockedText = await bayunCore.lockText("<sessionId>", "<plainText>"); ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text#id-6.1.2-lock-text-with-encryption-policy-key-generation-policy) 6.1.2 Lock Text with Encryption Policy, Key Generation Policy The `lockText` function with encryption policy, key generation policy as parameters locks the plain text. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **plainText** : Text to be locked. * **encryptionPolicy** : [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) determines the key to be used to generate the lockingKey. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) determines the policy to generate the lockingKey. * **groupId** : GroupId is required if encryptionPolicy is `GROUP.` If encryptionPolicy is other than `GROUP` then groupId should be an empty string. JavaScript Copy const encryptionPolicy = BayunCore.EncryptionPolicy.GROUP; const keyGenerationPolicy = BayunCore.KeyGenerationPolicy.ENVELOPE; var lockedText = await bayunCore.lockText("<sessionId>", "<plainText>", encryptionPolicy, keyGenerationPolicy, "<groupId>"); ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text#id-6.1.3-unlock-text) 6.1.3 Unlock Text The `unlockText` function unlocks a locked text. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **lockedText** : Text to be unlocked. JavaScript Copy var unlockedText = await bayunCore.unlockText("<sessionId>", "<lockedText>"); [Previous6\. BayunCoreSDK Operations](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations) [Next6.2 Lock/Unlock File Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data) Last updated 1 year ago Was this helpful? --- # 7.7 Add Group Members | BayunCoreSDK JavaScript Programming Guide The `addGroupMembers` function is used to add new members to the Group. The members to be added in the group may belong to different companies, provided that the company and the member must already be registered with Bayun. Any existing member of the group can add new members. The developer can enforce stricter access-mechanisms on top if desired (e.g. only group-owner or group-admin is allowed to add new members). The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : GroupId of the group. * **groupMembers** : Members to be added in the group. JavaScript Copy const groupMembers = []; groupMembers.push({ companyName: "<companyName>", companyEmployeeId: "<companyEmployeeId>", }); var addMembersResponse = await bayunCore.addMembersToGroup (<sessionId>,<groupId>,groupMembers); var addedMembersCount = addMembersResponse.addedMembersCount; console.log("Total Members Added : ",addedMembersCount); //Iterating over the list of error objects if(addMembersResponse.addMemberErrObject.length!=0){ let errorList = addMembersResponse.addMemberErrObject; for(let i = 0 ; i < errorList.length ; i++){ let errorMessage = errorList[i].errorMessage; console.log("Error Message: ",errorMessage); //Iterating over the list of members those who couldn't be added to the group for(let j = 1 ; j <= errorList[i].membersList.length ; j++){ let memberDetails = errorList[i].membersList[j-1]; console.log("Details for "+(j)+" employee"); console.log("company employee ID: ",memberDetails.companyEmployeeId); console.log("company name: ",memberDetails.companyName); } } } [Previous7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-member) [Next7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/remove-group-member) Last updated 2 years ago Was this helpful? --- # 7.3 Get Unjoined Public Groups | BayunCoreSDK JavaScript Programming Guide The `getUnjoinedPublicGroups` function returns all the public groups of the company, current employee is not a member of. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. JavaScript Copy bayunCore.getUnjoinedPublicGroups("<sessionId>") .then(result => { console.log("Response received for getUnjoinedPublicGroups."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-my-groups) [Next7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/join-public-group) Last updated 1 year ago Was this helpful? --- # 7.11 Leave Group | BayunCoreSDK JavaScript Programming Guide The `leaveGroup` function is used to leave any joined group. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : Group Id of the Group. JavaScript Copy bayunCore.leaveGroup("<sessionId>", "<groupId>") .then(result => { console.log("Response received for leaveGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.10-remove-group-members-except-list) [Next7.12 Delete Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/delete-group) Last updated 1 year ago Was this helpful? --- # 7.10 Remove Group Members Except List | BayunCoreSDK JavaScript Programming Guide The `removeMembersExceptList` method is used to remove all members of the Group except the list of group members. Calling member is not removed from the group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). **Method parameters :** * **sessionId** : Unique sessionId which is received in the registration/login function response. * **groupId** : GroupId of the group. * **groupMembers** : List of members **NOT** to be removed from the group. If the list is empty, all the members of the group are removed except the calling member. * **removeCallingMember :** Determines whether the calling member should be removed from the group or not. JavaScript Copy const groupMembers = []; groupMembers.push({ companyName: "<companyName>", companyEmployeeId: "<companyEmployeeId>", }); var removeCallingMember = false; await bayunCore.removeMembersExceptList(<sessionId>,<groupId>,groupMembers,removeCallingMember); [Previous7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.9-remove-group-members) [Next7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/leave-group) Last updated 2 years ago Was this helpful? --- # 7.1 Create Group | BayunCoreSDK JavaScript Programming Guide Using `createGroup` method, a new group is created. The group can be either of type `PUBLIC` or `PRIVATE`. The user creating the group automatically becomes a member of the group, with full authorization for complete group-management functionality for that group. The developer can choose to enforce more fine-grained access controls if desired. * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupName** : Group name(Optional). * **groupType** : Type of group. JavaScript Copy const groupType = BayunCore.GroupType.PUBLIC; bayunCore.createGroup("<sessionId>", "<groupName>", groupType) .then(result => { console.log("Response received for createGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7\. Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) [Next7.2 Get My Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-my-groups) Last updated 1 year ago Was this helpful? --- # 7.12 Delete Group | BayunCoreSDK JavaScript Programming Guide The `deleteGroup` function is used to delete a group the user is a member of. Any existing member of the group can delete the group. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to delete the group). The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : Group Id of the Group. JavaScript Copy bayunCore.deleteGroup("<sessionId>", "<groupId>") .then(result => { console.log("Response received for deleteGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.11 Leave Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/leave-group) [Next8\. Bayun Errors](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayun-errors) Last updated 2 years ago Was this helpful? --- # 6.4 Get Locking Key | BayunCoreSDK JavaScript Programming Guide Most developers do not need to use this function, and should instead rely on appropriate lock/unlock methods for encrypting and decrypting all data. This is meant only for highly advanced use-cases where the developer needs to use some custom encryption algorithm and/or explicitly add/validate signatures on some special piece of data or stream which can’t be easily passed to standard lock/unlock methods. In this case, the keys returned by this function should be used very carefully for a single object or stream, and then destroyed immediately after encryption/decryption or signature generation/verification is done. The `getLockingKey` function returns locking key along with the keys for signature generation and signature verification for an encryption policy, key generation policy. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **encryptionPolicy** : [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) determines the key to be used to generate the lockingKey. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) determines the policy to generate the lockingKey. * **groupId**: GroupId is required if encryptionPolicy is `GROUP`. If encryptionPolicy is other than `GROUP,`groupId should be an empty string. JavaScript Copy bayunCore.getLockingKey( "<sessionId>", BayunCore.EncryptionPolicy.GROUP, BayunCore.KeyGenerationPolicy.STATIC, "<groupId>" ) .then(result => { console.log("Response received for getLockingKey."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); The `getLockingKey` function returns an object where the keys are `CryptoKey` objects. JavaScript Copy { key, //Locking Key signatureKey, //Private Key to be used for signature generation signatureVerificationKey, //Public Key to be used for signature verification }; To get the same keys as strings in PEM format, use the method`getLockingKeyForEncryptionPolicyAsString`. [Previous6.3 Lock/Unlock Binary Data](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data) [Next7\. Groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups) Last updated 2 years ago Was this helpful? --- # 7.9 Remove Group Members | BayunCoreSDK JavaScript Programming Guide The `removeGroupMembers` function is used to remove a list of members from the Group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the registration/login function response. * **groupId** : GroupId of the group. * **groupMembers** : List of members to be removed from the group. JavaScript Copy const groupMembers = []; groupMembers.push({ companyName: "<companyName>", companyEmployeeId: "<companyEmployeeId>", }); await bayunCore.removeMembersFromGroup(<sessionId>,<groupId>,groupMembers); [Previous7.8 Remove Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/remove-group-member) [Next7.10 Remove Group Members Except List](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.10-remove-group-members-except-list) Last updated 2 years ago Was this helpful? --- # 7.5 Get Group By Id | BayunCoreSDK JavaScript Programming Guide The `getGroupById` returns details of a group. Details include groupId, name, type, groupMembers. Any existing member of the group can retrieve details of the group, including the list of all the group members. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : Group Id of the Group. JavaScript Copy bayunCore.getGroupById("<sessionId>", "<groupId>") .then(result => { console.log("Response received for getGroupById."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.4 Join Public Group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/join-public-group) [Next7.6 Add Group Member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-member) Last updated 1 year ago Was this helpful? --- # 7.6 Add Group Member | BayunCoreSDK JavaScript Programming Guide The `addGroupMember` function is used to add a new member to the Group. The member to be added in the group may belong to a different company, provided that the company and the member must already be registered with Bayun. Any existing member of the group can add a new member. The developer can enforce stricter access-mechanisms on top if desired (e.g. only group-owner or group-admin is allowed to add new members). The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : GroupId of the group. * **companyEmployeeId** : CompanyEmployeeId of the member to be added in the group. * **companyName** : Name of the company of the member to be added in the group. JavaScript Copy bayunCore.addMemberToGroup("<sessionId>", "<groupId>", "<companyEmployeeId>", "<companyName>") .then(result => { console.log("Response received for addMemberToGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.5 Get Group By Id](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-group-by-id) [Next7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-members) Last updated 2 years ago Was this helpful? --- # 6.2 Lock/Unlock File Text | BayunCoreSDK JavaScript Programming Guide ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#id-6.2.1-read-a-file-as-text) 6.2.1 Read a file as text The locked/unlocked file can be read as text as shown in the code snippet. JavaScript Copy let fileInfoObject = { "fileText":"", "metaData":"" } function readFileAsText(){ var file = document.getElementById("file").files[0]; var reader = new FileReader(); reader.readAsDataURL(file); reader.onload = function () { var fileData=reader.result; fileMetadata=fileData.split(",")[0]; //fileMetadata is prepend to the file text and is separated using a comma(,) fileText = fileData.replace(fileMetadata+",",""); // Remove fileMetadata along with "," fileInfoObject = { "fileText":fileText, "metaData":fileMetadata } }; } ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#id-6.2.2-write-filetext-to-a-file) 6.2.2 Write fileText to a file The locked/unlocked file text can be written back to the file as shown in the code snippet. JavaScript Copy function writeFileTextToFile(fileText, fileMetadata){ var a = document.createElement("a"); // Creates <a> a.href = fileMetadata + "," + fileText; var extension = fileMetadata.substring(fileMetadata.indexOf('/')+1,fileMetadata.indexOf(';')); console.log("extension",extension); a.download = "<YourFileName>" + "." + extension; //File name Here a.click(); } ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#id-6.2.3-lock-file-text) 6.2.3 Lock File Text The `lockFileText` function locks a file data as text with default [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) and [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) dictated by company settings. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **fileText** : File text to be locked. You can use the utility function [readFileAsText](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#5.2.1-read-a-file-as-text) to read file as file text. JavaScript Copy readFileAsText(); var lockedFileText = await bayunCore.lockFileText("<sessionId>", fileInfoObject.fileText); writeFileTextToFile(lockedFileText, fileInfoObject.metaData); // To write lockedFileText to the file. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#id-6.2.4-lock-file-text-with-encryption-policy-key-generation-policy) 6.2.4 Lock File Text with Encryption Policy, Key Generation Policy The `lockFileText` function with encryption policy, key generation policy as parameters locks a file data as text. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **fileText** : File text to be locked. You can use the utility function [readFileAsText](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#5.2.1-read-a-file-as-text) to read file as file text. * **encryptionPolicy** : [BayunEncryptionPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#encryption-policy) determines the key to be used to generate the lockingKey. * **keyGenerationPolicy** : [BayunKeyGenerationPolicy](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations#key-generation-policy) determines the policy to generate the lockingKey. * **groupId** : GroupId is required if encryptionPolicy is `GROUP`. If encryptionPolicy is other than `GROUP` then groupId should be an empty string. JavaScript Copy const encryptionPolicy = BayunCore.EncryptionPolicy.GROUP; const keyGenerationPolicy = BayunCore.KeyGenerationPolicy.ENVELOPE; readFileAsText(); var lockedFileText = await bayunCore.lockFileText("<sessionId>", fileInfoObject.fileText, encryptionPolicy, keyGenerationPolicy, "<groupId>"); writeFileTextToFile(lockedFileText, fileInfoObject.metaData); // To write lockedFileText to the file. ### [](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#id-6.2.5-unlock-file-text) 6.2.5 Unlock File Text The `unlockFileText` function unlocks a locked file data as text. The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **fileText** : File text to be unlocked. You can use the utility function [readFileAsText](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-binary-data#5.2.1-read-a-file-as-text) to read locked file as file text. JavaScript Copy // Use readFileAsText() method to unlock a locked file from system // or we can directly use a locked text of a file as parameter, to unlock. var unlockedFileText = await bayunCore.unlockFileText("<sessionId>", "<locked file text>"); writeFileTextToFile(unlockedFileText, fileInfoObject.metaData); // To write unlockedFileText to the file. [Previous6.1 Lock/Unlock Text](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/lock-unlock-text) [Next6.3 Lock/Unlock Binary Data](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/bayuncoresdk-operations/6.3-lock-unlock-binary-data) Last updated 1 year ago Was this helpful? --- # 7.8 Remove Group Member | BayunCoreSDK JavaScript Programming Guide The `removeGroupMember` function is used to remove a member from the Group. Any existing member of the group can remove other members. The developer can choose to build stricter access-control mechanisms on top of this if desired (e.g. only the group-owner or group-admin is authorized to remove members from the group). The function takes the following parameters : * **sessionId** : Unique SessionId which is received in the login/registration function response. * **groupId** : GroupId of the group. * **companyEmployeeId** : CompanyEmployeeId of the member to be removed from the group. * **companyName** : Name of the company of the member to be removed from the group. JavaScript Copy bayunCore.removeMemberFromGroup( "<sessionId>", "<groupId>", "<companyEmployeeId>", "<companyName>" ) .then(result => { console.log("Response received for removeMemberFromGroup."); console.log(result); }) .catch(error => { console.log("Error caught"); console.log(error); }); [Previous7.7 Add Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-members) [Next7.9 Remove Group Members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.9-remove-group-members) Last updated 2 years ago Was this helpful? ---