Setup and Configuration

Adding the CX Library to your project

The library is available on Maven Central, so you can include it in your app the same way you include any other library. It is under the name, and the current version is 2.0.0. For instance, you can add it the following way:

  1. Open build.gradle
  2. Under dependencies, add: implementation ''
  3. Ensure you are reading from maven central. Under repositories, add mavenCentral()
  4. Sync gradle

You should now have be able to use the PrivakeyCX library.

Library Configuration

After the CX aar has been added to the project it will need to be configured to point at your PrivakeyCX server. Other configuration options are Retrofit2 Connect time, read timeout, write timeout, The JWT validity period, and the Library log level.

These values are part of a file called This file needs to be added to the applications res directory.

  1. Right click res -> new -> Android Resource Directory
  2. In the New Resource Directory dialog, set the name to raw, type raw and source set main.
  3. Place the inside the newly created raw directory.
#The URL of your Privakey Instance. Must end with a /

#HTTP Client Time Values, in seconds

#JWT Validity Minutes

#Log Levels: -1:NONE, 0:ERROR, 1:WARN, 2:INFO, 3:DEBUG, 4:VERBOSE


If you are using Proguard on your project you need to add the proguard rules for GSON, JJWT, OKHTTP, Retrofit2, and Retrofit Jackson. These rules may change depending on the release version and you should view the github or support sites for each dependency to keep up with the new Proguard rules.


Below is an example of a at the time this document was published

# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
# For more details, see

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
   public *;

# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable

# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
-optimizationpasses 5

#When not preverifing in a case-insensitive filing system, such as Windows. Because this tool unpacks your processed jars, you should then use:

#Specifies not to ignore non-public library classes. As of version 4.5, this is the default setting

#Preverification is irrelevant for the dex compiler and the Dalvik VM, so we can switch it off with the -dontpreverify option.

#The -optimizations option disables some arithmetic simplifications that Dalvik 1.0 and 1.5 can't handle. Note that the Dalvik VM also can't handle aggressive overloading (of static fields).
#To understand or change this check
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*,!code/allocation/variable

#Annotations for greendao and LineNumber for reports in play store
-keepattributes *Annotation*,LineNumberTable,InnerClasses,EnclosingMethod,EnclosingMethod,Signature

-keep class** { *; }

# Serializables
-keepnames class * implements

-keepclassmembers class * implements {
    static final long serialVersionUID;
    private static final[] serialPersistentFields;
    !static !transient <fields>;
    !private <fields>;
    !private <methods>;
    private void writeObject(;
    private void readObject(;
    java.lang.Object writeReplace();
    java.lang.Object readResolve();

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
    public static ** getStatusId();

#Keep R
-keepclassmembers class **.R$* {
    public static <fields>;

#Jackson converted for retrofit
-keepnames class com.fasterxml.jackson.** { *; }
-keepnames class com.fasterxml.jackson.databind.** { *; }
-keepnames interface com.fasterxml.jackson.** { *; }
-dontwarn com.fasterxml.jackson.databind.**
-keep class org.codehaus.** { *; }

-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepclasseswithmembers class * {
    @retrofit2.http.* <methods>;

# Prevent proguard from stripping interface information from TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in @JsonAdapter)
-keep class * implements
-keep class * implements
-keep class * implements
# Gson specific classes
-dontwarn sun.misc.**
#-keep class** { *; }

# OkHttp
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**

-keep class org.bouncycastle.** { *; }
-keepnames class org.bouncycastle.** { *; }
-dontwarn org.bouncycastle.**

-keep class io.jsonwebtoken.** { *; }
-keepnames class io.jsonwebtoken.* { *; }
-keepnames interface io.jsonwebtoken.* { *; }
-dontwarn javax.xml.bind.DatatypeConverter
-dontwarn io.jsonwebtoken.impl.Base64Codec

#BEGIN Exposed CX items
#We really shouldnt expose the entities. They are used as copy paste for whitelabel.
-keep class** {*;}
-keep class** {*;}
-keep class** {*;}
-keep class* {*;}
-keep class {*;}
#Release the constants with Exceptions.
-keep class$CallbackErrorStrings {*;}
-keep class$CallbackSuccessStrings {*;}
-keep class {*;}
-keep class { *; }
-keep interface$BiometricAuthenticationCallback {*;}
-keep class {*;}
-keep class { *; }
#END Exposed CX items