React Native
The Trustly React Native SDK allows you to build a bank authorization workflow in your mobile app. You can use the SDK to initiate a bank authorization flow using either the Select Bank Widget or the Trustly Lightbox.
The SDK handles the complexities of OAuth flows and bank redirection, ensuring a seamless user experience on both iOS and Android.
Prerequisites
- Node.js: Version 22.23.0 or later
- React Native: Version 0.76.9 or later
- React: Version 18.3.1 or later
- iOS: iOS 12+ and Xcode 14+ (for iOS builds)
- Android: Android Studio (for Android builds)
Authentication flow
The following diagram illustrates how the Trustly SDK manages the secure transition between your application, the SDK, and the banking institution.
Add the package
To install the core Trustly SDK, which includes the Lightbox UI components and the native bridges required to communicate with banking apps, go to your project’s root directory and run the following command:
Then install the required peer dependencies:
Install iOS CocoaPods
If you are building for iOS, you must install the CocoaPods dependencies to integrate the SDK’s native modules. Navigate to your iOS directory and run:
Set up deep links
To handle bank logins securely, the Trustly SDK uses ASWebAuthenticationSession on iOS and direct App-to-App interactions on Android. You must configure a Universal Link (iOS) or App Link (Android) to handle redirects back to your app after a user authenticates with their bank. Pass your deep link URL as metadata.deepLinkUrl in establishData.
If your app does not already have a Universal Link (iOS) or App Link (Android) configured, you must set one up. Without it, users will not be automatically redirected to your app after logging in on a mobile banking app.
iOS
Universal Links use standard HTTPS URLs to return users directly to your app after bank authentication. Unlike custom URL schemes, they are verified against your domain — preventing other apps from intercepting them — and fall back to your website if the app isn’t installed.
Define the associated domains
Create a JSON file named apple-app-site-association and host it at one of the following locations on your server:
- Root:
https://yourdomain.com/apple-app-site-association - Subdirectory:
https://yourdomain.com/.well-known/apple-app-site-association
Server requirements:
- Served over HTTPS.
Content-Typeheader set toapplication/json.- Filename must have no extension.
Verify your server returns the correct Content-Type:
Add the Associated Domains entitlement
- Open your project in Xcode and select your application target.
- Go to Signing & Capabilities.
- Click + Capability and select Associated Domains.
- Add your domains, prefixed with
applinks::
Adding this capability automatically inserts the com.apple.developer.associated-domains key into your app’s entitlements file.
Handle the Universal Link return
Unlike standard deep link routing, the Trustly SDK manages the return from the bank natively. On iOS, the SDK leverages ASWebAuthenticationSession via the InAppBrowser module. This securely overlays the bank’s login page and intercepts the redirect URL at the OS level once authentication is complete.
Because of this native integration, you do not need to manually intercept the URL in your AppDelegate or add React Native Linking event listeners.
To ensure the return works seamlessly:
- Make sure your configured Universal Link matches the
deepLinkUrlvalue you pass in theestablishDataobject. - Once the bank redirects the user to this URL, the SDK will automatically capture the callback, dismiss the secure browser, and trigger the
onReturnoronCancelfunctions defined in yourTrustlyLightboxcomponent.
Android
Android App Links use standard HTTPS URLs to return users directly to your app after bank authentication. Unlike custom URL schemes, App Links are verified against your domain via Digital Asset Links, preventing other apps from intercepting them, and fall back to your website if the app isn’t installed.
Define the digital asset links
Create a JSON file named assetlinks.json and host it at: https://yourdomain.com/.well-known/assetlinks.json
Server requirements:
- Served over HTTPS.
Content-Typeheader set toapplication/json.
Verify your server returns the correct Content-Type:
Configure the manifest
Add an intent filter with autoVerify="true" to your AndroidManifest.xml. Android uses the following attributes to handle App Links:
android:exported="true"— Required to allow your activity to be started by external app links.android:autoVerify="true"— Instructs Android to verify your domain ownership by checkingassetlinks.jsonat install time.<data>elements — Define the HTTPS scheme, domain, and path that trigger your activity.
Create the establishData object
To initialize the Trustly Lightbox, you must create an establishData object. This object acts as the configuration payload for the SDK and includes transaction details and the requestSignature, which must be generated by your backend for security. For more information, see Generate request signatures.
You define the establishData object within your main component — for example, App.tsx or the screen that handles the payment logic.
When using the sandbox environment, set the env property to sandbox. Before publishing your production application, remove the env property.
Required properties
Add the SDK components
You can integrate the SDK in two ways: displaying the Bank Selection Widget first, or launching the Trustly Lightbox directly.
Display the Select Bank Widget
Add TrustlyWidget to your component’s return statement to allow users to select their bank directly within your app’s UI.
The onBankSelected callback triggers a state change. You must use this state to conditionally render the TrustlyLightbox component, as shown in the following example.
Launch the Trustly Lightbox
Add the following code to your component’s return statement to bypass the Select Bank Widget and launch the Trustly Lightbox immediately or from your own custom button:
Handle callbacks
Define the callback functions inside your component to handle the transaction result.
Ensure the state setter (for example, setShowLightbox) matches the variable name defined in your component’s state.
Troubleshooting
Use the information provided here to resolve configuration and integration issues on iOS and Android platforms.
iOS
-
App does not return after auth: Verify that the
metadata.deepLinkUrlin yourestablishDatamatches a path covered by yourapple-app-site-associationfile and that the Associated Domains entitlement is configured in Xcode. -
Universal Link opens browser instead of app: Confirm your server is serving
apple-app-site-associationover HTTPS withContent-Type: application/jsonand no file extension. -
CocoaPods architecture errors on Apple Silicon: React Native 0.79+ supports arm64 natively. If you encounter incompatible architecture errors or FFI gem issues during
pod install, try running the command with thearch -x86_64prefix as a fallback:
Android
-
App Link not working: Confirm
android:autoVerify="true"is set on your intent filter and yourassetlinks.jsonis reachable athttps://yourdomain.com/.well-known/assetlinks.jsonwith the correctContent-Type: application/json. -
WebView not loading: Ensure you have requested internet permissions in
AndroidManifest.xml:
General
-
Signature error: Ensure the
requestSignatureis being generated correctly by your backend using your access key. See Generate request signatures. -
Module not found: If you encounter resolution errors, try resetting your cache: