Documentation Quick Start

Getting Started

Quick Start

API Reference

Advanced Features

Getting Started with Grantiva

Welcome to Grantiva! This guide will help you integrate Apple App Attest into your iOS application and start validating device authenticity in minutes.

What is Grantiva?

Grantiva is a comprehensive Apple App Attest validation service that helps you:

  • Verify the authenticity of iOS devices accessing your services
  • Detect jailbroken devices and potential security threats
  • Generate risk scores based on device behavior and attestation patterns
  • Issue secure JWT tokens with custom claims for your business logic
  • Monitor and analyze your app's security posture in real-time

Prerequisites

Before you begin, make sure you have:

  • An iOS app targeting iOS 14.0 or later
  • An Apple Developer account with a valid Team ID
  • Your app's Bundle ID configured in Xcode
  • Basic familiarity with Swift and iOS development

Quick Start Steps

1. Create Your Grantiva Account

Sign up for a Grantiva account with your Apple Team ID and Bundle ID. No API keys needed - authentication is handled automatically.

Create Account →

2. Install the Grantiva SDK

Add Grantiva to your iOS project using Swift Package Manager:

// In Xcode: File → Add Packages
https://github.com/grantiva/ios-sdk

// Or add to Package.swift
.package(url: "https://github.com/grantiva/ios-sdk", from: "1.0.0")

3. Initialize and Validate

Import Grantiva and start validating attestations:

import Grantiva

// Initialize - no configuration needed
let grantiva = Grantiva()

// Validate device attestation
do {
    let result = try await grantiva.validateAttestation()
    
    if result.isValid {
        // Device is authenticated
        print("Risk Score: \(result.deviceIntelligence.riskScore)")
        print("JWT Token: \(result.token)")
    }
} catch {
    // Handle validation error
    print("Attestation failed: \(error)")
}

What Happens During Attestation?

  1. Key Generation: The SDK generates a unique cryptographic key pair on the device
  2. Challenge Request: Grantiva provides a cryptographic challenge to prevent replay attacks
  3. Attestation: Apple's App Attest service creates an attestation object
  4. Validation: Grantiva validates the attestation with Apple's servers
  5. Token Issuance: A JWT token is returned with device intelligence data

Understanding the Response

The validation response includes:

{
  "token": "eyJhbGc...",  // JWT for backend authentication
  "deviceIntelligence": {
    "riskScore": 15,      // 0-100, lower is better
    "deviceIntegrity": "high",
    "jailbreakDetected": false,
    "attestationCount": 1
  },
  "permissions": ["basic", "payments"],
  "expiresAt": "2024-12-01T12:00:00Z"
}

Best Practices

  • Cache attestation results to minimize API calls
  • Implement retry logic for network failures
  • Monitor risk scores and adjust your security policies accordingly
  • Use the JWT token for backend API authentication
  • Regularly review analytics to identify suspicious patterns

Next Steps

iOS Integration →

Deep dive into iOS SDK features and advanced usage

Server Setup →

Configure your backend to validate JWT tokens