Flutter SDK
Integrate TrustPin into your Flutter application for cross-platform certificate pinning on iOS, Android, and macOS.
Platform Requirements
| Platform | Minimum Version |
|---|---|
| iOS | 13.0+ |
| Android | API 21+ (Recommended: API 25+) |
| macOS | 13.0+ |
Additional Requirements:
- iOS/macOS: Swift 5.5+
- Android: Kotlin 2.3.0+
Installation
pub.dev (Recommended)
Add TrustPin to your pubspec.yaml:
dependencies:
trustpin_sdk: ^4.0.0Then install:
flutter pub getQuick Start
1. Get Your Credentials
Sign in to the TrustPin Dashboard and retrieve:
- Organization ID
- Project ID
- Public Key (Base64-encoded)
2. Initialize TrustPin
Add initialization to your app’s main entry point:
import 'package:flutter/material.dart';
import 'package:trustpin_sdk/trustpin_sdk.dart';
void main() async {
WidgetsFlutterBinding.ensureInitialized();
// Initialize TrustPin
try {
await TrustPin.setLogLevel(TrustPinLogLevel.debug);
await TrustPin.setup(
organizationId: 'your-org-id',
projectId: 'your-project-id',
publicKey: 'your-base64-public-key',
mode: TrustPinMode.strict,
);
print('TrustPin initialized successfully');
} catch (e) {
print('TrustPin initialization failed: $e');
}
runApp(MyApp());
}Integration Approaches
TrustPin offers multiple integration methods:
| Approach | Best For | Setup Complexity |
|---|---|---|
| Dio HTTP Client (Recommended) | Most Flutter apps | 🟢 Minimal |
| Standard HTTP Client | Apps using http package | 🟢 Minimal |
| Direct Certificate Verification | Custom implementations | 🟠 Advanced |
Dio HTTP Client (Recommended)
The SDK provides a built-in TrustPinDioInterceptor:
import 'package:dio/dio.dart';
import 'package:trustpin_sdk/trustpin_sdk.dart';
// Create Dio with TrustPin certificate validation
final dio = Dio();
dio.interceptors.add(TrustPinDioInterceptor());
// All HTTPS requests now have certificate pinning
try {
final response = await dio.get('https://api.example.com/data');
print('Request successful: ${response.statusCode}');
} on DioException catch (e) {
if (e.error is TrustPinException) {
final trustPinError = e.error as TrustPinException;
print('Pinning failed: ${trustPinError.code}');
}
}Best Practices
Setup & Initialization
- Call
WidgetsFlutterBinding.ensureInitialized()before TrustPin setup - Initialize in
main()before running the app - Handle setup errors gracefully - don’t block app launch
- Set log level before setup for complete logging
Security
- Use
TrustPinMode.strictin production - Monitor pin validation failures
- Use SPKI or rotate pins before expiration
- Keep credentials secure (use environment variables)
- Use HTTPS for all pinned domains
Performance
- Configuration caching is automatic (10-minute TTL)
- Reuse HTTP client instances
- Use minimal log levels in production
- Initialize early in app lifecycle
Complete Documentation
For detailed information on all integration approaches (http package, direct verification), error handling types, environment configuration, macOS sandbox setup, and production deployment, visit the complete documentation:
TrustPin Flutter Documentation
Resources
- Package: pub.dev/packages/trustpin_sdk
- Dart / Flutter API Docs: trustpin-cloud.github.io/flutter.sdk
- Dashboard: app.trustpin.cloud
- Support: support@trustpin.cloud