Introduction

This documentation describes Arculus Authentication (the Arculus FIDO2 SDK) and how to integrate it into mobile (Android/iOS) or desktop applications for tertiary (third-level or transactional authorization) or passwordless authentication using Arculus FIDO2 (Fast Identity Online 2) hardware security keys. The SDK provides APIs for NFC/CTAP2 communication with Arculus FIDO2 cards, enabling registration, authentication, credential management, and PIN operations.

The SDK is architecture-agnostic and supports multiple deployment patterns:

  • Client-side: Application communicates directly with FIDO2 servers

  • Server-side: Application uses backend services to proxy FIDO2 server communication

  • Hybrid: Combination of direct and proxied communication

The SDK abstracts NFC/CTAP2 details, so developers can focus on application logic. It handles card detection, APDU communication, error handling, and response parsing.

This documentation includes:

  • SDK architecture and component design

  • API reference and usage patterns

  • Integration guides for Android and iOS

  • Authentication and registration flow examples

  • Security best practices and recommendations

  • Troubleshooting and common issues

Example projects demonstrate real-world usage, including integration with OAuth2/OIDC providers (Auth0, Keycloak, etc.) and different architectural patterns. These examples serve as reference implementations and starting points for your own applications.

Intended Audience

The primary audience for this documentation is application developers, architects, and integration and technical team members.

Primary Audience

Application Developers

  • Integrating FIDO2 authentication into mobile, desktop or web applications

  • Using the Arculus FIDO2 SDK APIs for card operations

  • Implementing registration, authentication, and credential management flows

  • Handling NFC/CTAP2 communication via the SDK

  • Managing secure storage (Android Keystore / iOS Keychain) for tokens and credentials

  • Understanding SDK error handling and response formats

Software Architects & Technical Leads

  • Evaluating the SDK for integration into existing systems

  • Understanding SDK capabilities, limitations, and design patterns

  • Planning authentication architecture and choosing deployment patterns

  • Designing secure integration patterns with OAuth2/OIDC providers

  • Making technology decisions and evaluating SDK fit

SDK Integration Engineers

  • Implementing SDK initialization and configuration

  • Integrating SDK with backend services and FIDO2 servers

  • Managing SDK lifecycle and resource cleanup

  • Handling asynchronous operations and callbacks

  • Implementing error recovery and retry logic

Secondary Audience

This document can also help other technical team members, such as backend developers, DevOps engineers, system administrators, and security and testing team members, understand how an application can use the SDK to interact with the Arculus FIDO2 Server.

Prerequisites

Readers should have:

  • Basic understanding of FIDO2/WebAuthn concepts

  • Familiarity with mobile application development (Android or iOS)

  • Knowledge of NFC technology (optional, as this is handled by the SDK)

  • Understanding of basic security concepts (encryption, secure storage)

  • Familiarity with REST APIs and HTTP/HTTPS (for backend integration examples)

How to Use This Documentation

  • New to the SDK? Start with the System Architecture, then review the FIDO2 Core Concepts and SDK API Reference. Explore the sample applications in the Appendix to see real-world usage.

  • Integrating the SDK? Refer to the SDK guides for your platform (iOS, Android, Desktop, Web), review the SDK API Reference, and study the sample applications for implementation patterns.

  • Implementing specific features? Check the sequence diagrams in the SDK pages for detailed flows, review relevant API documentation, and examine sample application code for reference implementations.

  • Troubleshooting issues? Review the Troubleshooting guide, check the Error Codes reference, and examine sample application error handling patterns.

  • Evaluating security? Focus on Application Security, Deployment Security, and the security sections throughout the documentation.

Sample applications in the Appendix demonstrate complete integration patterns and serve as reference implementations. Use them as starting points, but adapt them to your specific architecture and requirements. The SDK is designed to be flexible and work with various backend architectures and identity providers.
