Should I use the SDK or API integration for OTL?

The primary function of OTL relies on forcing the authentication request to travel over the mobile operator’s core network using the device's live mobile-data session. The SDK simplifies the execution of this technical requirement:

1. Automatic Network Prioritization (Wi-Fi Override): The most crucial advantage of the SDK is its ability to handle network prioritization. If the user is connected to Wi-Fi, the SDK attempts to temporarily change the priority or routing of data packets to transmit over the mobile network for a fraction of a second. This function, sometimes referred to as Wi-Fi override, is essential because if a user is coming from Wi-Fi, there is otherwise "no way to check via mobile back data back".
2. Seamless Flow Management: The SDK automatically manages the client-side authentication flow. This includes programmatically handling the invisible 302 redirect mechanism required to force the request to traverse the operator’s core network (the whole security primitive of Silent Mobile Verification or SMV). The SDK uses an invisible HTTP client or a lightweight webview with no user interface shown to manage this hop.
3. Reduced Development Effort: The SDK-based approach simplifies the process by handling these complexities automatically on the client side. The SDK is preferred as it offers additional features and handles session creation using mobile data even if Wi-Fi is connected.

Requirements for API Integration

While both API and SDK approaches require the Initiate Authenticate API call and the Access User Info API call (or webhook subscription), using the pure API requires significantly more manual effort and technical handling by your application:

• Manual Network Routing: The API-based approach requires the application to manage the flow and API calls directly.
• IP Handling: If you choose to initiate the request from your backend server instead of the user's device, you must pass the end-user's IP address to Bureau using a custom header for the API-based implementation. This is required because the request must come via the customer's internet for verification to succeed.
• User Nudging: Since the API cannot automatically override Wi-Fi to use mobile data, if a user is on Wi-Fi or has mobile data off, your application will need to detect this and nudge the user to switch their mobile data on.

In summary, choosing the SDK streamlines the process by automatically managing the necessary network gymnastics (like the Wi-Fi override) and the invisible redirect flow, ensuring higher success rates and less platform-specific development work.