iOS

Supported Platforms

• iOS 15+
• macOS 12+

Quickstart

Install SDK

The Evervault iOS SDK can be installed using the Swift Package Manager.

1. Open your Xcode project.
2. Navigate to File > Swift Packages > Add Package Dependency.
3. Enter the repository URL for the Evervault iOS SDK: https://github.com/evervault/evervault-ios.git.
4. Choose the latest available version or specify a version rule.
5. Click Next and follow the instructions to integrate the package into your project.

Initialize SDK

Now, let's initialize the SDK using our App and Team ID. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.

1import EvervaultCore
2
3Evervault.shared.configure(teamId: "<TEAM_ID>", appId: "<APP_ID>")

If you need multiple instances of the Evervault SDK you can use the initializer as follows:

1import EvervaultCore
2
3let evervault = Evervault.init(teamId: "<TEAM_ID>", appId: "<APP_ID>")

Encrypting Data

Once the SDK is configured, you can use the encrypt method to encrypt your sensitive data. The encrypt method accepts various data types, including Boolean, Numerics, Strings, Arrays, Dictionaries, and Data.

Here's an example of encrypting a password:

1let encryptedPassword = Evervault.shared.encrypt("Super Secret Password")

Or using a dedicated instance:

1let encryptedPassword = evervault.encrypt("Super Secret Password")

The encrypt method returns an Any type, so you will need to safely cast the result based on the data type you provided. For Boolean, Numerics, and Strings, the encrypted data is returned as a String. For Arrays and Dictionaries, the encrypted data maintains the same structure but is encrypted. For Data, the encrypted data is returned as encrypted Data, which can be useful for encrypting files.

Decrypting Data

Decrypts data previously encrypted with the encrypt() function or through Relay.

The decrypt() method allows you to decrypt previously encrypted data using a token.

The token is a time bound token for decrypting data. The token can be generated using our backend SDKs or through our REST API.

The payload must be the same payload that was used to create the token and expires in a maximum of 10 minutes depending on the expiry set when creating the token.

1let encryptedPassword = Evervault.shared.encrypt("Super Secret Password")
2let decrypted: String = Evervault.shared.decrypt('<token generated by your backend application>', encryptedPassword)

Inputs

The Evervault iOS SDK also includes the EvervaultInputs module, which provides a SwiftUI view called PaymentCardInput. This view is designed for capturing credit card information and automatically encrypts the credit card number and CVC without exposing the unencrypted data. The PaymentCardInput view can be customized to fit your application's design.

To use PaymentCardInput, make sure you have imported the EvervaultInputs module in your file, and then simply add the view to your SwiftUI hierarchy:

1import EvervaultInputs
2
3struct ContentView: View {
4
5    @State private var cardData = PaymentCardData()
6
7    var body: some View {
8        VStack {
9            PaymentCardInput(cardData: $cardData)
10
11            // Data captured:
12            Text("Encrypted credit card number: \(cardData.card.number)")
13        }
14    }
15}

Fields can be optionally displayed by passing in the enabledFields struct. For example if you with to only render the Card Number field use the following code.

1import EvervaultInputs
2
3struct ContentView: View {
4
5    private var enabledFields = EnabledFields(isCardNumberEnabled: true, isExpiryEnabled: false, isCVCEnabled: false)
6
7    @State private var cardData = PaymentCardData()
8
9    var body: some View {
10        VStack {
11            PaymentCardInput(cardData: $cardData, fields: enabledFields)
12
13            // Data captured:
14            Text("Encrypted credit card number: \(cardData.card.number)")
15        }
16    }
17}

The encrypted credit card number and CVC are captured in the PaymentCardData Binding, as well as the expiry month and year and validation fields.

Styling

Internally, the PaymentCardInput view uses SwiftUI TextFields. These can be customized using SwiftUI modifiers like any other TextFields in your application:

1PaymentCardInput(cardData: $cardData)
2        .font(.footnote)
3        .foregroundColor(.blue)

To provide more customization options, the PaymentCardInput can be styled using a PaymentCardInputStyle. There are two build-in styles:

• InlinePaymentCardInputView (the default style) - puts the credit card number, expiry and cvc fields all on a single row.

To explicitly use this style:

1PaymentCardInput(cardData: $cardData)
2        .paymentCardInputStyle(.inline)

• RowsPaymentCardInputStyle - puts the credit card number on a single row. Below it, places the expiry and cvc fields next to each other.

To use this style:

1PaymentCardInput(cardData: $cardData)
2        .paymentCardInputStyle(.rows)

If these two styles do not match your use case, you can create your own style:

1struct CustomPaymentCardInputStyle: PaymentCardInputStyle {
2
3    func makeBody(configuration: Configuration) -> some View {
4        VStack(alignment: .center) {
5            configuration.cardImage
6
7            Text("CC Number").font(.title3)
8            configuration.cardNumberField
9
10            Divider()
11
12            Text("Expiry").font(.title3)
13            configuration.expiryField
14
15            Divider()
16
17            Text("CVC").font(.title3)
18            configuration.cvcField
19        }
20    }
21}

1PaymentCardInput(cardData: $cardData)
2        .paymentCardInputStyle(CustomPaymentCardInputStyle())

Attest Enclaves

The Evervault iOS SDK includes the ability to attest connections to Enclaves.

To attest your Enclave, you need to provide the expected PCRs to a Enclave session.

1import EvervaultCore
2import EvervaultEnclaves
3
4//Note: Make sure app uuid is hyphenated (eg: app-123456).
5let url = URL(string: "https://<ENCLAVE_NAME>.<APP_UUID>.enclave.evervault.com")
6let enclaveSession = Evervault.enclaveSession(
7  enclaveAttestationData: EnclaveAttestationData(
8    enclaveName: "<ENCLAVE_NAME>",
9    appUuid: "<APP_UUID>",
10    pcrs: PCRs(
11      pcr0: "<PCR0>",
12      pcr1: "<PCR1>",
13      pcr2: "<PCR2>",
14      pcr8: "<PCR8>",
15    )
16  )
17)
18
19do {
20  let response = try await enclaveSession.data(from: url)
21  // ...
22} catch {
23  // ...
24}

Apple Pay®

The Evervault iOS SDK provides support for Apple Pay on iOS, enabling secure handling of card data during mobile transaction flows. When a customer taps the Apple Pay button in your app, our SDK will give you the Apple Pay card token (DPAN) from the user's device.

Instead of using Apple's default encryption, the SDK extracts the customer's card details, including the card token and "cryptogram", and returns them in an Evervault-encrypted payload. This allows you to securely access sensitive values while ensuring they remain protected through Evervault's encryption infrastructure.

The encrypted payload can then be safely passed to any downstream system or payment processor for transaction authorization using our proxy, Evervault Relay.

Prerequisites

• You must have an individual or organisational Apple Developer account.

• All users of Apple Pay agree to adhere to the Apple Pay Terms and Conditions.

Register for an Apple Merchant ID

Before you can use Apple Pay for iOS with Evervault you need to obtain an Apple Merchant ID by registering for a new identifier on the Apple Developer portal. Fill out the description and identifier. We recommend you use the name of your app as the identifier e.g. merchant.com.<YOUR_APPS_NAME>

Create a new Apple Pay Payment Processing Certificate

Apple Pay needs to encrypt payment data such as card details. You will need a payment processing certificate for your app to allow Apple Pay to encrypt those details within your app.

In the Evervault dashboard, click the Payments tab at the top of the page. Then, on the left-hand side of the page click Apple Pay and at the bottom of the page under Certificates, click Add certificate. Follow the on screen instructions.

As part of this flow, Evervault will provide you with a certificate signing request that you must download.

Then, in a new tab, in the Apple Developer portal, under Certificates, create an Apple Pay Payment Processing Certificate, select the Merchant ID that you created in the previous step and click Continue. Under the Apple Pay Payment Processing Certificate section, click Create Certificate and upload the certificate signing request you downloaded from the Evervault dashboard.

Download the Apple certificate you just created and go back to the Evervault dashboard and in the certificate set up dialog, upload the certificate you just downloaded from Apple.

Setting up Xcode

Once you have created your merchant identifier and payment processing certificate, you need to add the Apple Pay capability to your app in Xcode.

Open your project settings, click the Signing & Capabilities tab, and add the Apple Pay capability. You might be prompted to sign in to your developer account. Select the merchant ID you created earlier, and now your app is ready to accept Apple Pay.

Create a Transaction

Next you will need to create a transaction to describe the payment you want to process. You will need to provide the country, currency, and line items for the transaction. The last item is the total for the transaction.

If the transaction is not constructed correctly e.g country or currency fields aren't correct or there are no summary items then an EvervaultError.InvalidTransaction error will be thrown.

Please refer to Apple's documentation on requirements for country and currency and amount fields.

1let transaction = try! EvervaultPayment.Transaction(
2  country: "IE",
3  currency: "EUR",
4  paymentSummaryItems: [
5    SummaryItem(label: "Mens Shirt", amount: Amount("30.00")),
6    SummaryItem(label: "Socks", amount: Amount("5.00")),
7    SummaryItem(label: "Total", amount: Amount("35.00"))
8  ]
9)

Check if Apple Pay is supported

Before displaying Apple Pay as a payment option, determine if the user's device supports Apple Pay and that they have a card added to their wallet by calling the isAvailable() method.

1let isAvailable = EvervaultPaymentViewRepresentable.isAvailable()

Render the Apple Pay button

Next you can render the Apple Pay button. When you do this, you will need to pass in your Evervault App ID, your Apple Merchant Identifier, the transaction object, the card networks you support, and two callback closures:

• authorizedResponse:
  • Whenever the user successfully authorizes the payment, the decrypted ApplePayResponse (containing token, card info, cryptogram, etc.) will be written into your @State variable. You can react to that state change however you like — navigate onward, show a confirmation screen, or send it off to your own backend to be sent via an Evervault Relay to your PSP. Refer to this section for the structure of the response.
• onFinish:
  • Fired after the Apple Pay sheet dismisses. Use this to reset UI state or move your checkout flow forward once the sheet has closed. This will fire even if there was an error.
• onError:
  • Fired if anything goes wrong at any point in the flow—whether Apple Pay isn't available, your transaction is invalid, presentation fails, or Evervault is unable to decrypt the payment. You get a standard Error? (that can be cast to an EvervaultError, see below for more details) whose localizedDescription you can display in an alert, log for diagnostics, or present however you choose.

1struct ContentView: View {
2  @State private var applePayResponse: ApplePayResponse? = nil
3  let transaction = buildTransaction()
4
5  var body: some View {
6    VStack(spacing: 20) {
7      EvervaultPaymentViewRepresentable(
8        appId: "YOUR_EVERVAULT_APP_ID",
9        appleMerchantId: "YOUR_APPLE_MERCHANT_IDENTIFIER",
10        transaction: transaction!,
11        supportedNetworks: [.visa, .masterCard, .amex],
12        authorizedResponse: $applePayResponse,
13        onFinish: {
14          print("Payment sheet dismissed")
15        },
16        onError: { error in
17          let message = error?.localizedDescription
18          print("Error: \(String(describing: message))")
19        }
20      )
21    }
22  }
23}

Processing the Payment

If the payment is handled successfully, the Evervault encrypted payment method is available in $applePayResponse (in the example above). The authorizedResponse is an ApplePayResponse object containing the payment method details encrypted with the Evervault public key. You can send this encrypted payment method to your server and use Evervault Relay to decrypt the payment details when you send them to your PSP.

The ApplePayResponse object represented as JSON contains the following fields:

1{
2  "networkToken": {
3    "number": "ev:Tk9D:hY5KJanIPOHBoI8S:AsnnjRl0FDe2zEddBAQG/eI2vN+b...:$",
4    "expiry": {
5      "month": "12",
6      "year": "31"
7    },
8    "tokenServiceProvider": "Apple"
9  },
10  "card": {
11    "brand": "visa",
12    "funding": "debit",
13    "segment": "consumer",
14    "country": "ie",
15    "currency": "eur",
16    "issuer": "Revolut Bank Uab"
17  },
18  "cryptogram": "ev:Tk9D:vUVeybXqrA9Ds4rZ...=:$",
19  // The ECI value is optional with Apple Pay.
20  // Learn more here: https://developer.apple.com/documentation/passkit/payment-token-format-reference#Detailed-payment-data-keys-3D-Secure
21  "eci": "5",
22  "deviceManufacturerIdentifier": "string"
23}

Complete example

Below is a complete example of Evervault Apple Pay in action:

1import SwiftUI
2import EvervaultPayment
3
4func buildTransaction() -> EvervaultPayment.Transaction {
5  let transaction = try! EvervaultPayment.Transaction(
6    country: "IE",
7    currency: "EUR",
8    paymentSummaryItems: [
9      SummaryItem(label: "Mens Shirt", amount: Amount("30.00")),
10      SummaryItem(label: "Socks", amount: Amount("5.00")),
11      SummaryItem(label: "Total", amount: Amount("35.00"))
12    ]
13  )
14  return transaction
15}
16
17struct ContentView: View {
18  @State private var applePayResponse: ApplePayResponse? = nil
19  let transaction = buildTransaction()
20
21  var body: some View {
22    VStack(spacing: 20) {
23      if (EvervaultPaymentViewRepresentable.isAvailable()) {
24        // Apple Pay is supported, display the button
25        EvervaultPaymentViewRepresentable(
26          appId: "YOUR_EVERVAULT_APP_ID",
27          appleMerchantId: "YOUR_APPLE_MERCHANT_IDENTIFIER",
28          transaction: transaction,
29          supportedNetworks: [.visa, .masterCard, .amex],
30          buttonStyle: .whiteOutline,
31          buttonType: .checkout,
32          authorizedResponse: $applePayResponse,
33          onFinish: {
34            print("Payment sheet dismissed")
35              if (applePayResponse != nil) {
36                // Send to PSP via Relay on your backend
37              }
38          },
39          onError: { error in
40            let message = error?.localizedDescription
41            print("Payment error: \(String(describing: message))")
42          }
43        )
44      } else {
45        Text("Not available")
46      }
47    }
48  }
49}
50
51#Preview {
52    ContentView()
53}

Customise the Apple Pay button

When initialising the EvervaultPaymentViewRepresentable you can pass two optional parameters — buttonType and buttonStyle.

Please refer to the Apple PassKit documentation on what preset button styles and types are available.

1EvervaultPaymentViewRepresentable(
2  // other fields...
3  buttonStyle: .whiteOutline,
4  buttonType: .checkout,
5)

Error Handling

All errors from creating the Transaction object and the errors surfaced in the onError callback on the EvervaultPaymentViewRepresentable can be cast to EvervaultError There are four error types:

• InvalidTransactionError - This error is thrown when there is an with the transaction. As a guideline to help prevent encountering this error:
  • country: The merchant's two-letter ISO 3166 country code.
  • currency: The three-letter ISO 4217 currency code that determines the currency the payment request uses.
  • amount: The format of this value depends on the currency. It follows ISO 4217 and depends on the minor unit of the currency e.g the number of decimal points forUSD is 2, so the amount must be formatted as "50.00". This error will be thrown if you try to format the amount as "50.0". As another example, JPY has no minor unit so the amount must be formatted as "1000".
• ApplePayUnavailableError - This error is thrown when Apple Pay is not available on the device
• ApplePayPaymentSheetError - This error is thrown when an underlying error with the Apple Pay payment sheet occurs.
• InternalError - This error is thrown when something goes wrong during the handling of the payment data. An underlying reason will be provided in this case.

Full example

A complete working example is included in the Evervault iOS package, located in the EvervaultIOSApp directory.

Running the Sample App

To run the sample app:

1. Open the EvervaultIOSApp.xcodeproj file in Xcode.
2. Configure your Team ID and App ID in EvervaultIOSAppApp.swift or add EV_TEAM_UUID and EV_APP_UUID Environment Variables the Run Scheme.
3. Select a simulator or physical device as the build target.
4. Build and run the app.

Reference

EvervaultCore

Evervault.shared.config(teamId: String, appId: String)

A shared instance of the Evervault class. This is the simplest way to get up and running if you only need to use a single Evervault team/app.

1import EvervaultCore
2
3Evervault.shared.configure(teamId: "<TEAM_ID>", appId: "<APP_ID>")

Evervault(teamId: String, appId: String)

Initializes a single instance of the Evervault class. You'll need to use this initializer if you require more than one Evervault team/app.

1import EvervaultCore
2
3let evervault = Evervault(teamId: "<TEAM_ID>", appId: "<APP_ID>")

Evervault.encrypt(_ data: Any, role: String?) async throws -> Any

Encrypts the provided data using Evervault Encrypt and an optional data role.

The encrypt function supports: Boolean, Numerics, String, Array, Dictionary and Data.

Note: Data Roles aren't yet supported when encrypting data of the Data type

1let encryptedData = try await Evervault.shared.encrypt("Super Secret Password")
2// or
3let encryptedData = try await evervault.encrypt("Super Secret Password")
4// or
5let encryptedData = try await Evervault.shared.encrypt("Super Secret Password", "data-role")

EvervaultInputs

PaymentCardInput(cardData: PaymentCardData)

Create a PaymentCardInput SwiftUI view

1import EvervaultInputs
2
3struct ContentView: View {
4
5    @State private var cardData = PaymentCardData()
6
7    var body: some View {
8        VStack {
9            PaymentCardInput(cardData: $cardData)
10
11            // Data captured:
12            Text("Encrypted credit card number: \(cardData.card.number)")
13        }
14    }
15}

EvervaultEnclaves

Evervault.enclaveSession(enclaveAttestationData: AttestationData)

Create a URLSession which will attest connections to your Evervault Enclave.

1import EvervaultCore
2import EvervaultEnclaves
3
4let enclaveSession = Evervault.enclaveSession(
5  enclaveAttestationData: AttestationData(
6    enclaveName: "<ENCLAVE_NAME>",
7    pcrs: PCRs(
8      pcr0: "<PCR0>",
9      pcr1: "<PCR1>",
10      pcr2: "<PCR2>",
11      pcr8: "<PCR8>",
12    )
13  )
14)

AttestationData

Config used to compare against the attestation doc served to the client from a Enclave.

PCRs

The attestation measurements measurement expected to be embedded in the attestation document returned from a Enclave.

Using the Evervault API as a PCR Provider

The Evervault API exposes an endpoint to retrieve the PCRs for all active versions of your Enclave which you can use to keep your clients in sync with your Enclave across deployments.

1import EvervaultCore
2import EvervaultEnclaves
3
4struct AttestedEnclaveView: View {
5
6    private let enclaveName = "my-enclave"
7    private let appId = "app_123abc"
8    private let enclaveHostname = "my-enclave.app-123abc.enclave.evervault.com"
9
10    public struct EvervaultProviderResponse: Decodable {
11        public let data: [PCRs]
12
13        public init(data: [PCRs]) {
14            self.data = data
15        }
16    }
17
18    public var provider: (@escaping ([PCRs]?, Error?) -> Void) -> Void = { completion in
19        var request = URLRequest(url: URL(string: "https://api.evervault.com/enclaves/\(enclaveName)/attestation")!)
20        request.addValue(appId, forHTTPHeaderField: "x-evervault-app-id")
21
22        URLSession.shared.dataTask(with: request) { data, _, error in
23            guard let data = data, error == nil else {
24                completion(nil, error ?? NSError(domain: "Evervault Provider", code: -1, userInfo: [NSLocalizedDescriptionKey: "No data or error."]))
25                return
26            }
27            do {
28                // Decode the data into a PCRContainer
29                let container = try JSONDecoder().decode(EvervaultProviderResponse.self, from: data)
30                // Extract the PCRs array from the container and pass it to the completion handler
31                completion(container.data, nil)
32            } catch {
33                print("Error: ", error.localizedDescription)
34                completion(nil, error)
35            }
36        }.resume()
37    }
38
39    @State private var responseText: String? = nil
40
41    var body: some View {
42        Group {
43            if let responseText {
44                Text(responseText)
45            } else {
46                Text("Loading...")
47            }
48        }
49        .padding()
50        .task {
51            let url = URL(string: "https://\(enclaveHostname)/")!
52            let urlSession = Evervault.enclaveAttestationSession(
53                enclaveAttestationData: EnclaveAttestationData(
54                    enclaveName: enclaveName,
55                    appUuid: appId,
56                    provider: provider
57                )
58            )
59
60            do {
61                let response = try await urlSession.data(from: url)
62                print(response)
63            } catch {
64                responseText = error.localizedDescription
65                print("Error: \(error.localizedDescription)")
66            }
67        }
68    }
69}