Backend Integration
The Eixam Flutter SDK relies on a partner backend to provide signed sessions and support key operational endpoints.
What the partner backend must provide
- A signed SDK session (
appId,externalUserId,userHash) - Canonical identity support via
GET /v1/sdk/me - MQTT operational support for SOS and telemetry
- Transactional HTTP support for SOS cancel
- Contacts and backend device registry surfaces
Signing flow
The partner backend owns the app secret and signs the user identity. The signing step must happen on the server — never in the mobile client.
| Step | Actor |
|---|---|
| Store the app secret | Partner backend |
Generate userHash for appId + externalUserId | Partner backend |
| Send the signed session to the mobile app | Partner backend |
| Bootstrap with the signed session | Mobile app |
| Reuse identity for HTTP and MQTT | SDK |
See Identity Signing (JS) for server-side implementation examples.
Signed session contract
Minimum fields:
const EixamSession.signed(
appId: 'partner-app',
externalUserId: 'partner-user-123',
userHash: 'signed-session-hash',
)
Bootstrap and session
If the app already has a signed session at startup, pass it as initialSession. The snippet assumes notificationTexts is a non-empty EixamNotificationTexts value from the host app:
final sdk = await EixamConnectSdk.bootstrap(
EixamBootstrapConfig(
appId: 'partner-app',
environment: EixamEnvironment.production,
notificationTexts: notificationTexts,
initialSession: EixamSession.signed(
appId: 'partner-app',
externalUserId: 'partner-user-123',
userHash: 'signed-session-hash',
),
),
);
If not available at startup, bootstrap without a session and call setSession(...) later.
Operational endpoints
| Operation | Transport |
|---|---|
| Session enrichment | GET /v1/sdk/me |
| SOS trigger | Operational (MQTT) |
| SOS cancel | POST /v1/sdk/sos/cancel |
| Active SOS rehydration | GET /v1/sdk/sos |
| Telemetry | Operational (MQTT) |
| Devices | HTTP (registry / pairing flows as documented) |
| Emergency contacts | HTTP — /v1/sdk/contacts |
Auth
HTTP
X-App-ID: <appId>
X-User-ID: <externalUserId>
Authorization: Bearer <userHash>
MQTT (broker-native, no Bearer prefix)
username: sdk:<appId>:<externalUserId>
password: <userHash>
MQTT uses clean sessions. The same signed identity is shared across HTTP and MQTT.