Develop Health
com.samsung.android.sdk.healthdata
Interface HealthConstants.StepCount

All Superinterfaces: HealthConstants.Common, HealthConstants.SessionMeasurement
Enclosing class: HealthConstants

public static interface HealthConstants.StepCount extends HealthConstants.SessionMeasurement

This interface defines the user's step count data. It provides only 1 month data.

HealthConstants.StepCount is recorded from:
- A phone with Samsung Health installed: it enables a partner app to get the phone's steps in real time.
- Accessories such as a watch: a partner app can get step data of the accessories after a data sync to the phone.

HealthConstants.StepDailyTrend vs. HealthConstants.StepCount

Choose a proper step data type for your service. Using HealthConstants.StepDailyTrend is general.

Data retention period
- HealthConstants.StepDailyTrend: Until several years if daily steps are saved in the installed Samsung Health.
- HealthConstants.StepCount: Only 1 month.

For one more devices, e.g. a phone and a Galaxy Watch
- HealthConstants.StepDailyTrend: Providing all device's steps without duplications.
- HealthConstants.StepCount: Manual handling is required to remove duplicated steps.

Main use case
- HealthConstants.StepDailyTrend: Getting the user's daily steps.
- HealthConstants.StepCount: Monitoring the phone's steps in real time.

Properties

Properties of the following extending interfaces are available for this data type:
- HealthConstants.Common
- HealthConstants.SessionMeasurement

Step count data has the following properties.

Property name: Description
- HealthConstants.StepCount.UUID: [Mandatory] Data's unique ID, assigned by the system when a new data is inserted.
- HealthConstants.StepCount.CREATE_TIME: [Mandatory] UTC milliseconds when a data is created in the health data store, assigned by the system when a new data is inserted.
- HealthConstants.StepCount.UPDATE_TIME: [Mandatory] UTC milliseconds when a data is updated in the health data store, assigned by the system when a new data is inserted or the existing data is updated.
- HealthConstants.StepCount.PACKAGE_NAME: [Mandatory] Package name which provides data, assigned by the system when a new data is inserted.
- HealthConstants.StepCount.DEVICE_UUID: [Mandatory] Device identifier which provides the health data.
- HealthConstants.StepCount.START_TIME: [Mandatory] UTC milliseconds when the measurement is started; making a duration from start_time to end_time with 1 minute is recommended.
- HealthConstants.StepCount.END_TIME: [Mandatory] UTC milliseconds after the measurement has ended; making a duration from start_time to end_time with 1 minute is recommended.
- HealthConstants.StepCount.TIME_OFFSET: [Mandatory] Time offset in milliseconds which considers the time zone and daylight saving time.
- HealthConstants.StepCount.COUNT: [Mandatory] Total number of steps.
- HealthConstants.StepCount.DISTANCE: Distance during the activity.
- HealthConstants.StepCount.CALORIE: Burned calories.
- HealthConstants.StepCount.SPEED: Speed.
- HealthConstants.StepCount.SAMPLE_POSITION_TYPE: Part of the body where the user places the device.
- HealthConstants.StepCount.CUSTOM: Custom info which is formatted with JSON and compressed data.

Data permission

The user's consent is required to read or write this data type. HealthPermissionManager.requestPermissions() displays a data permission UI to the user. See permission manager and request data permission.

Since: 1.0.0

Field Summary

Modifier and type, field: Description
- static String CALORIE: Burned calories in kilocalories during the activity.
- static String COUNT: Total number of steps during the activity.
- static String DISTANCE: Distance in meters during the activity.
- static String HEALTH_DATA_TYPE: Data type name for step count data.
- static String SAMPLE_POSITION_TYPE: Part of the body where the user places the device.
- static int SAMPLE_POSITION_TYPE_ANKLE: Device is placed in the ankle.
- static int SAMPLE_POSITION_TYPE_ARM: Device is placed in the arm.
- static int SAMPLE_POSITION_TYPE_UNKNOWN: Device is placed in an unknown position.
- static int SAMPLE_POSITION_TYPE_WRIST: Device is placed in the wrist.
- static String SPEED: Speed in meters per second during the activity.

Fields inherited from interface com.samsung.android.sdk.healthdata.HealthConstants.SessionMeasurement: END_TIME, START_TIME, TIME_OFFSET

Fields inherited from interface com.samsung.android.sdk.healthdata.HealthConstants.Common: CREATE_TIME, CUSTOM, DEVICE_UUID, PACKAGE_NAME, UPDATE_TIME, UUID

Field Detail

SAMPLE_POSITION_TYPE
static final String SAMPLE_POSITION_TYPE
Part of the body where the user places the device.
Optional type: int
Available values: one of the following values
- SAMPLE_POSITION_TYPE_UNKNOWN
- SAMPLE_POSITION_TYPE_WRIST
- SAMPLE_POSITION_TYPE_ANKLE
- SAMPLE_POSITION_TYPE_ARM
Since: 1.0.0
See Also: Constant Field Values

SAMPLE_POSITION_TYPE_UNKNOWN
static final int SAMPLE_POSITION_TYPE_UNKNOWN
Device is placed in an unknown position. Its constant value is 230001.
Since: 1.0.0
See Also: SAMPLE_POSITION_TYPE, Constant Field Values

SAMPLE_POSITION_TYPE_WRIST
static final int SAMPLE_POSITION_TYPE_WRIST
Device is placed in the wrist. Its constant value is 230002.
Since: 1.0.0
See Also: SAMPLE_POSITION_TYPE, Constant Field Values

SAMPLE_POSITION_TYPE_ANKLE
static final int SAMPLE_POSITION_TYPE_ANKLE
Device is placed in the ankle. Its constant value is 230003.
Since: 1.0.0
See Also: SAMPLE_POSITION_TYPE, Constant Field Values

SAMPLE_POSITION_TYPE_ARM
static final int SAMPLE_POSITION_TYPE_ARM
Device is placed in the arm. Its constant value is 230004.
Since: 1.0.0
See Also: SAMPLE_POSITION_TYPE, Constant Field Values

DISTANCE
static final String DISTANCE
Distance in meters during the activity.
Optional type: float
Value range: 0 ~ 18000
Since: 1.0.0
See Also: Constant Field Values

CALORIE
static final String CALORIE
Burned calories in kilocalories during the activity.
Optional type: float
Value range: 0 ~ 1200
Since: 1.0.0
See Also: Constant Field Values

COUNT
static final String COUNT
Total number of steps during the activity.
Mandatory type: int
Value range: 0 ~ 12000
Since: 1.0.0
See Also: Constant Field Values

SPEED
static final String SPEED
Speed in meters per second during the activity.
Optional type: float
Value range: 0 ~ 10
Since: 1.0.0
See Also: Constant Field Values

HEALTH_DATA_TYPE
static final String HEALTH_DATA_TYPE
Data type name for step count data. Use "com.samsung.health.step_count" to add permission to the manifest file.
Since: 1.0.0
See Also: Constant Field Values
Develop Mobile Samsung eSE SDK
Samsung eSE SDK Overview

Description of Secure Element

A secure element is a tamper-resistant platform (typically a one-chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (such as cryptographic keys and sensitive data) in accordance with the rules and security requirements set by well-identified trusted authorities.

There are various form factors of secure element:
- Subscriber Identity Module (SIM) / Universal Integrated Circuit Card (UICC)
- Embedded secure element
- microSD

Secure elements offer separate hardware-backed security, so that sensitive information or transactions can be handled independently from other processors (AP, CP, CPU, etc.). Due to this, secure elements have been supporting the immense needs of various industries that require additional protections, such as payment cards, e-ID cards, health insurance cards, driver licenses, digital car keys, and door lock keys.

Embedded secure element (eSE) chips on Samsung devices have been certified by authorities such as GlobalPlatform, EMVCo and Common Criteria. All of them have at least EAL5+ (Evaluation Assurance Level), which can provide a security level equal to or higher than that of an electronic passport. Samsung is ready to open the eSE to service providers who want to utilize our products. Our eSE also supports industry standards such as the JavaCard and GlobalPlatform card specifications.

Use Cases

The following are some use cases for the eSE on Samsung devices:
- Transits
- Payments
- Digital key access (door key, car key, etc.)
- Identification / authentication
- Secure storage / certificate manager

Samsung devices with an eSE allow customers to use secure services. In general, certain levels of security are required for services that deal with sensitive information. With a highly secured Samsung device, the service provider can provide their services securely to its customers.

Samsung eSE SDK

The Samsung eSE SDK provides the way for the service provider to deploy a service using the eSE on Samsung devices. It enables the service provider to manage their own service on each customer's device. It requires communication not only between the client application and the eSE, but also between the server and the device. Hence, there are a few requirements for the service provider to proceed with service development.

You can use the Samsung eSE SDK to:
- Deploy a service on a customer's device.
- Communicate with the eSE using a client application.
- Manage the service provider's own storage within the eSE.

Requirements for the service provider:
- Applet development (resides within the eSE)
- TSM (Trusted Service Manager) server: the service provider can choose one of the options below.
  - Service provider TSM server
  - Samsung TSM
  - TSM-less

How to Request Partnership

To use the Samsung eSE SDK, you must become a Samsung partner. To request partnership:
1. Open the partnership request form. If prompted, log in to your Samsung account. If you do not already have a Samsung account, create one.
2. Enter your company and developer information. Your name, email address, and country are filled in for you.
3. Enter information about the application for which you are applying to use the Samsung eSE SDK. Provide the name and description for the application, and attach documents that detail the application features and use cases.
4. When you are ready to submit the request, click "Submit."

Your partnership request will be reviewed. When it is approved, you will receive a confirmation letter. An NDA (non-disclosure agreement) shall be established between Samsung and the service provider after the confirmation letter. The Samsung eSE SDK can be accessed under NDA.

FAQ

Q.01 Is there a device list for eSE eligibility?
A. The device list will be provided after an NDA (non-disclosure agreement) has been completed between the service provider and Samsung.

Q.02 Do I need to have/develop a JavaCard applet for the service?
A. Yes, Samsung will only provide certain storage within the eSE. The service provider shall prepare an applet itself to be loaded / installed within the eSE.

Q.03 Who can apply for partnership?
A. Samsung intends to provide service opportunities for 3rd parties who can manage a secure service stably for valuable customers. However, individual developers can't apply for partnership for the Samsung eSE SDK.
Develop Mobile Samsung Automation
Samsung Automation Studio

Get started - Samsung Automation Studio (beta)

The Automation Studio allows you to integrate Samsung Bixby, SmartThings and your 3rd-party APIs. Connect it with Samsung Bixby and SmartThings!

You can start a free trial. The 6th promotion will end when the free trial codes we have prepared are exhausted.

Samsung account: A Samsung account is your gateway to the world of Samsung. When you sign up for a Samsung account, you gain access to apps and services of Samsung.

SmartThings support: Samsung Automation Studio supports SmartThings integration via SmartThings node customization.

Bixby Voice support: Bixby Voice can execute your flow that is designed with the "capsule label" node and the "capsule result" node.

Securely stored: Manage and store your flows. Simply export and import. All files are encrypted and securely stored, protecting what matters.

Pre-defined flows: Start with pre-defined flow templates for mashing up various cases. Get inspiration and create your new flow.

Runtime environment: Deploy your flows in secured and isolated containers whose health and lifecycles are managed automatically by the reliable container platform CF.

Bixby capsule support

You can create a flow using the capsule label node and capsule result node. You can run this flow using the capsule for Automation Studio. We have already developed the capsule for Automation Studio. It is listed on Bixby Marketplace.

Remote-endpoint makes your business logic more flexible on Bixby Voice. The "capsule label" node allows you to call the remote-endpoint without developing a capsule.

Use a remote-endpoint to your capsules? Get a paradigm shift when using Bixby and its platform for an advanced state of conversational AI and voice. Jump on the Bixby train and be ready for the 500 million Bixby-enabled Samsung devices that ship yearly, as these are enabled with remote-endpoints, making it more flexible to code on Bixby capsules.

Capsule node: Decide which name is called through Bixby Voice without developing a capsule.

SmartThings support

A webhook endpoint in this context is a web services application. It serves as an API endpoint on the internet that receives incoming HTTP POST requests. Webhook endpoints must be an HTTPS URL. Rapidly build a SmartApp by connecting devices and SmartThings services easily.

What is the automation? Automation allows the user to control their SmartThings ecosystem without any manual intervention. An example of an automation is a webhook that uses the SmartThings REST API to control and get status notifications from SmartThings devices.

Automation node: Connect easily with the SmartThings SmartApp using a webhook endpoint.

DeviceProfile node: Know what capability you need? Find the 71 capabilities of SmartThings.

Get started

Sign up for a Samsung account, if you do not already have one. The minimum requirements are:
- Samsung account
- Signed up to SmartThings or Bixby Developers
- Get the subscription code

Development service level

Use our node on your server!

You can find our node named "samsung-automation-studio" in the Node-RED community and can install it in Node-RED. You can keep your flows through the import/export.

npm install node-red-contrib-samsung-automation-studio-nodes

Self-managed servers, limited features.
Develop Galaxy Watch for Tizen
Build and upload your watch designs

If you want to learn how to upload your watch face for a Tizen 4.0 device (Galaxy Watch) and Tizen 3.0 or older devices (Gear S3 or older models) at the same time, please see the FAQ "How to upload watch faces for Galaxy Watch and older Gear devices?"

Build

You need to go through the build process to produce a TPK file. This is the type of file that you upload to the store.

Step 1. Build
Select Build from the menu bar.
- Click 1: Click Project > Build, or
- Click 2: Click the Build button.

Step 2. Build a TPK
Save the TPK file in a folder. Once the build is finished, upload your watch face to the store.

Note: The GWS project name is used to name the TPK file. Because Seller Portal does not accept filenames that contain spaces, if you have a space in the project name, you must either rename and rebuild your project or remove the space from the TPK filename. By default, the TPK file is located in /users/<user name>/gearwatchdesigner/workspace.

- Click 3: Enter the author certificate password you registered.
- Click 4: Click on the Build button.

Tip: Package ID
When you build your project in GWS, the package ID has to be unique, uses the format xxx.xxx.xxx (where xxx is any alphanumeric character), and cannot contain special characters. If any app is already registered in Seller Portal with the same package name, you won't be allowed to register the watch face. You can change the package ID from Project > Build > Package ID.

If your package name is the same as another seller's registered app, then the 'Package ID is already used by other seller' error shows in Seller Portal when you try to upload your binary file. If the package ID is the same as another registered app of yours, then the 'Package ID is not valid' error shows. If you see either of these two messages when trying to upload your binary file to Seller Portal, rename the package ID in GWS, rebuild your project, and upload the binary file again.

Tip: Choose target API version
As of Tizen 4.0, it is required by law to notify the user about personal information used in the watch face and how the user can determine whether or not to allow access to personal information during app launch. A device using Tizen 4.0 or later must generate a separate TPK file for this purpose. GWS provides an option to generate separate TPK files for version 3.0 and earlier and version 4.0 or later. When uploading a watch face to Seller Portal:
- Upload a file with the _tw4 postfix for devices using Tizen 4.0 or later.
- Upload a file with the _tw3 postfix for devices using Tizen 3.0 or earlier.
- To support all devices, upload both files.

Tip: Change preview image
You can change the preview image seen when you select a watch face in the watch. We recommend one of the following resolutions: 512 x 512 px or 360 x 360 px at 96 ppi (pixels per inch). File formats supported are PNG, JPG, and GIF.

Upload to Galaxy Store

When you're uploading your watch face, you'll be taken to Seller Portal. If you are not logged in, you will be redirected to the login page first. When you initially register on the website, you'll be a free seller, which only lets you upload apps that are listed as free downloads. Once you switch to commercial seller, you can upload paid downloads. Go to Request Commercial Seller Status to find out how to become a commercial seller.

Note: You can create watch faces with Galaxy Watch Studio or Tizen Studio for your personal enjoyment. However, you must receive approval from the Galaxy Watch review team before you can register your watch faces in Seller Portal and sell them in Galaxy Store.

Step 1. Upload to the store
- Click 1: Click Project > Upload, or
- Click 2: Click the Upload button.

Step 2. Upload online
In Seller Portal, fill out the necessary information about your watch face and upload it. Login is needed.

If you are selling apps for Republic of Korea consumers under Korean law, we strongly recommend that you complete explanations of personal information usage in English and Korean in the App Description field when you edit or register your apps in Seller Portal:

In order for us to provide you with our services, we need your permission to access the items described below. You can still enjoy the basic features of our services without granting optional access permissions.

[Required access permissions]
- Location: To find a connectable nearby device and connect your watch using Bluetooth
- Storage: To exchange stored files with your watch

[Optional access permissions]
- Contacts: To use your registered Samsung account information and provide services that must be synced with your account

Please check the relevant notice in Seller Portal > Assistance > Notice.

Tip: For watch faces created with GWS, each of the following privileges is optional:
- To show S-Health data: sensor
- To show weather data: location
- In-app purchases: see Trial Periods for more information
Learn Developers Podcast
docseason 3, episode 5 previous episode | episode index | next episode this is a transcript of one episode of the samsung developers podcast, hosted by and produced by tony morelan a listing of all podcast transcripts can be found here host tony morelan senior developer evangelist, samsung developers instagram - twitter - linkedin guest maria ly, skimble galaxy watch, galaxy store, entrepreneurship maria ly, founder of skimble, the company behind the mobile fitness app workout trainer not only do we chat about how skimble began as a small startup but also their collaboration with samsung health and the made for samsung team listen download this episode topics covered skimble rock health workout trainer publishing on galaxy store marketing discoverability monetization generating revenue in-app purchase iap galaxy badges best of galaxy store awards diversity and inclusion helpful links skimble website - skimble com rock health - rockhealth com workout trainer - galaxy store/trai publishing on galaxy store - developer samsung com/galaxy-store marketing - developer samsung com/galaxy-store/marketing-resources best of galaxy store awards - developer samsung com/galaxy-store/best-of-galaxy-store maria ly linkedin - linkedin com/in/marialy maria ly interview - developer samsung com/sdp/blog skimble facebook - facebook com/skimbleinc skimble twitter - twitter com/skimble skimble pinterest - pinterest com/skimbleinc skimble instagram - instagram com/skimbleinc skimble youtube - youtube com galaxy badges - developer samsung com/galaxy-store/gsb-promotion samsung iap - developer samsung com/iap samsung developer program website - developer samsung com samsung developer program newsletter - developer samsung com/newsletter samsung developer program blog - developer samsung com/blog samsung developer program news - developer samsung com/news samsung developer program facebook - facebook com/samsungdev samsung developer program instagram - instagram com/samsung_dev samsung 
developer program twitter - twitter com/samsung_dev samsung developer program youtube - youtube com/samsungdevelopers samsung developer program linkedin - [linkedin com/company/samsungdevelopers] http //linkedin co transcript note transcripts are provided by an automated service and reviewed by the samsung developers web team inaccuracies from the transcription process do occur, so please refer to the audio if you are in doubt about the transcript tony morelan 00 01 hey, i'm tony morelan and this is the samsung developers podcast, where we chat with innovators using samsung technologies, award winning app developers and designers, as well as insiders working on the latest samsung tools welcome to season three, episode five on today's show, i'm joined by maria lai, founder of scramble the company behind the mobile fitness app workout trainer not only do we chat about getting their start through the accelerator program, rock health, but also integrating with samsung health to become a launch partner and collaborating with the made for samsung team enjoy hey, maria, welcome to the podcast hi, tony maria ly 00 42 good morning thanks for having me tony morelan 00 44 yeah, so let me first ask who is maria ly? 
maria ly 00 49 oh, gosh, let's see, i am a health advisor, investor, an entrepreneur i am asian canadian turned american i live in salt lake city and san francisco part time and i love to travel around the world whenever i can to rock climb and explore and discover new cultures tony morelan 01 14 wow, this is pretty exciting so i understand that you got involved in tech at a young age tell me tell me about that start maria ly 01 21 so i got started i would say mostly when i started high school, and i had access to some of the tech focused groups for youth in canada and so i went through and did some of the courses out there started taking my first programming classes my parents got me my first computer actually when i was in elementary school, and that maybe sparked my interest even earlier but then eventually, i went to study computer engineering at the university of waterloo in canada and then i took a bunch of different coop internships in the tech field around the world tony morelan 01 58 so you said that you did some internships during those times? what were some of those industries that you were involved with? maria ly 02 04 yeah, so there was a good friday? i think, for me, i explored different tech verticals i think i started in a cad software company, and then moved on to aerospace and automotive i even dabbled in h fac, and semiconductors so kind of sampled, which i think you know, while you're young, you might as well and figure out what you're most passionate about tony morelan 02 28 sure, sure now, obviously, you're very passionate when it comes to having an active lifestyle was that the motivation for you to then think, how could i create some sort of active technology company? 
maria ly 02 40 oh, absolutely i was involved in athletics, i suppose from an early age, i dabbled in figure skating and gymnastics and eventually i got a chance to represent canada at the world cheerleading championships wow and you know, nowadays, i mentioned, i love to rock climb so i do that quite frequently and yes, all of those experiences in living an active lifestyle definitely inspired me to blend my background in technology and health together to form symbol tony morelan 03 12 now how long does symbol been around? i've been maria ly 03 14 working on symbol tinkering on fitness applications for about a decade now we started developing fitness focused applications during the advent of the smartphone and the smartwatches and you know, those connected devices, really were a critical part in sort of adoption, a mass adoption for fox because it's not that easy to have a personal trainer day but you know, having an app you can pull up on your phone is super convenient and if anything affordable and personal yeah, tony morelan 03 49 no, i think your timing was great, because that really was the beginning of the big fitness push when it came to wearables so let's talk about the beginning of skimble first, i need to ask the word scramble i'd love that as the name of the company is that a play off of the word skill in nimble? 
that's how i see it maria ly 04 06 at first i wanted to get nimble com but truly gone are the days when you get perfect, you know, words, but i thought about scramble because scribble was the name of a nimble cat in a ts eliot poem scribbled also in broadway, the broadway musical cats, so symbol was actually becoming available it was on backorder so i got it on backorder it was expired and, you know, sky plus nimble was sort of my blended word sure, but yes, skill as well sure lots of great skim musker words tony morelan 04 42 yeah so i understand that you guys were part of an accelerated program called rock health tell me about that maria ly 04 52 we were we got into rock health during our earlier days, and they provided us with a grant access to group office space in san francisco, as well as a mentorship program that was about four or five months long and during that time, we were able to kind of focus on different aspects of digital health and connect with potential partners and that sort of thing so i think it's a really amazing ecosystem that has really blossomed in the industry tony morelan 05 24 yeah, i'm sure that was a big help for you guys to get things started so you had mentioned that that program was based in san francisco, is that where your headquarters is? now? 
maria ly 05 32 to some extent, yes but i would say, we are quite remote and all around before we were located in the ferry building, i don't know if you've been there before, but it's pretty iconic yeah, we were upstairs there but then we started thinking about, you know, the lifestyle that our team wanted to pursue, being able to have access to the outdoors and all that good stuff so we decided to try to make our team as remote as possible and so we still kept our studio multimedia space in san francisco in the mission but then we gave up the very building, and we did a lot of video chats, and you know, team meets wherever we were and so this was actually pre pandemic, believe it or not and so when that hit, we were all pretty much set up tony morelan 06 24 oh, that was nice really, really good timing for such an unfortunate pandemic event maria ly 06 28 yeah, right the silver lining? exactly tony morelan 06 32 so how many people work first gimbal maria ly 06 35 so we have a pretty distributed team of mostly contractors, we work with quite a handful of internal personal trainers and we have over like 1000 trainers on our platform, who develop the training programming for our team and we've got different folks across the globe, focusing on various roles in the company, such as we have our marketing manager in australia, that sort of thing so sure, i would say we're a lean team but we have a great network tony morelan 07 05 so let's talk about your flagship app, workout trainer, tell the people out there, what exactly is workout trainer, maria ly 07 11 workout trainer offers 1000s of follow along multimedia workouts, led by expert coaches and we also offer a personal training network if you want to find a one-on-one online coach tony morelan 07 24 nice, ya know, i have used the app before i love it unlike just like clicking play and watching a video there's a lot more, you know, personal data that you get, i love the fact that you see the in progress, calorie burn, 
that sort of a fun motivating, you know, piece of data that comes to me as i'm working out maria ly 07 45 absolutely it's funny, you mentioned the heart rate feedback and, and that sort of thing some of our most active users are using the application with their connected heart rate devices, mostly the smartwatches that are available on the market today and it's remarkable to see like the progress people are making by just doing their workouts and coming back to maybe their go to workouts and they can see, you know, their heart rate or the reps chain you can log all that information in the application and you get performance stats as you make progress tony morelan 08 18 that's wonderful now, and now it's not just for folks like myself that are wanting to get a great, you know, fitness routine going but you also are bringing on you'd mentioned contractors so if you are a trainer that would like to bring your workouts to a larger audience this is where you guys are inviting trainers could come join the platform, correct? maria ly 08 39 yes so when you launch the app, there's actually a little tab called trainers, you tap there, you can follow any of our trainers for free and if you find, you know, one trainer who particularly inspires you, or has a background and skill set in a specialty that you're looking for, you can recruit that trainer to help you one on one and they can send messages to you workouts and even a full complete training plan so that's been really nice to connect these folks together tony morelan 09 10 that's great so let's talk about the relationship with samsung and in skin we'll talk about how did that first start? 
maria ly 09 18 sure so a little while ago, samsung reached out to us interested specifically in our health integrations and it was the samsung health team that contacted us and we became one of their launch partners in their ecosystem with various health app developers and they came to our office in the ferry building and we met several times then we actually went to korea to meet some of the health team there you know, samsung has a big headquarters in mountain view, as well as korea and seoul so we were able to kind of meet the key folks there and since then, we bit remote and working with the folks at the made for samsung team and also within the health team tony morelan 10 07 now, last year, you guys won the 2021, best of galaxy store award for best wellness app what did it mean to win that award? maria ly 10 16 yes, that award was really, really wonderful to receive because, you know, during the time, the last few years, as you guys know, it hasn't been easy and when folks aren't able to go into their gyms, and meet their favorite trainers, or even their workout buddies at the gym, i was really personally very thankful to be able to offer folks and do our part to give them the workouts they wanted in a in a safe place when life was a bit more unpredictable so it really was meaningful to receive that award and we're very grateful for kind of the journey that we have had with samsung, as an integral partner tony morelan 10 55 yeah, i think the timing of that award and where we were at in the pandemic really just showed the value of workout trainer, and really what the, you know, what the people out there wanted to see in us so tell me, are there any unique aspects or optimizations to the galaxy store version of workout trainer? 

Maria Ly 11:12
Oh, yes. So we have a special Made for Samsung version of Workout Trainer. So if you go on to the Galaxy app store, you can just download Workout Trainer for Samsung. And this version of the application is tailored for all the latest Samsung smart devices. You've got a unique offering here, so you can get access to some exclusive content such as workouts, as well as oftentimes we do some promotion, so you can actually unlock our Pro Plus membership if you sign up with your Samsung account. And then further, just to add, because we have such a good relationship with the Samsung Health team, all that data that you're doing, you can share between applications. You can have that sort of a large overview of your health profile within the Samsung Health application as well.

Tony Morelan 12:08
Oh, that's wonderful. So let's talk a bit about the development of the app. What is the workflow? What is the process for you guys, when you created Workout Trainer?

Maria Ly 12:17
I guess for starters, we use kind of agile development practices and a lot of brainstorming. We currently use Android Studio, and we host all of our contents in the cloud. And on top of that, obviously, we use the latest tools with, within the Samsung SDK id kind of environment.

Tony Morelan 12:40
Sure, sure. So when you first created the app, how long did it take? You know, is this an app that took, you know, a long time to create? Or was this something that came pretty quickly and easily to you?

Maria Ly 12:50
I would say that the first very early version of our app took about six months. But as you guys know, app development is never as straightforward as you would like, and you're always evolving your app and making it better and better. And so throughout the years, we've added more features, tightened up our flow, improved our UI/UX experience. So you know, it all depends on what your app is aiming to do and offer, and try to use, you know, the best tools possible and rev on it. And keep in mind that people like good user experience. So even if it's a utility app, you have to think about your customers and get their feedback early on.

Tony Morelan 13:33
Yeah, you know, the one thing that I will say about when I used to work at trainer was the UI was wonderful. I mean, it's because you're in the middle of a workout, and so you want something that is simple and easy to use with just a nice, clean interface. And that's one of the things that stood out for me with Workout Trainer.

Maria Ly 13:47
Well, thanks. It's always a work in progress.

Tony Morelan 13:50
So let's talk about discoverability, because I know that is one of the hardest parts. I mean, it's one thing to go and create an app and build it and publish it, but the hardest thing is to get people to actually see it and use it. So what have you guys done related to discoverability?

Maria Ly 14:05
For us, we have different channels to get discovered. A lot of it has to do with be partners with certain discovery channels, but also with our community. So for instance, you know, people can do workouts and invite their friends and challenge them to workouts. So sort of creating that, like, word of mouth has been very helpful for us get discovered through a grassroot approach. And then also, you know, sometimes we have different partners where we can sell our app into verticals, like within health care, or corporations, or specific areas, or times of the year. For instance, Samsung and symbols Workout Trainer can do sort of a collab or a promotion period.

Tony Morelan 14:55
Yeah, yeah. And I'm sure you guys are using the Galaxy Store badge, is that correct, to help promote it and weren't people directly to the app on Galaxy Store? Yes, we are for sure. Wonderful. And I'll make sure to include a direct link to that in the, in the show notes for, not just that for, but for many of the other areas that we're talking about. I loved what you said, as far as, you know, inviting a friend and building that community, because I know when it comes to workouts, a lot of times people don't have the motivation to do it themselves and they need to be held accountable. So you know, if you find a friend that says, hey, if you work out all workout, and when you guys can work out together, you know, in sort of motivate each other to work out, that's what really gets you into a good routine as far as fitness. So how many people would you say are using Workout Trainer?

Maria Ly 15:43
We've seen over 30 million users come our way. And, you know, on a day-to-day basis, we're seeing 10s of 1000s of workouts being completed. And these are, you know, long form workouts. So people are not just going into our app and, you know, jumping away, they're actually finding good content, relevant content for them to do and play for a long period of time, be it, you know, five to 20, to even, you know, 45 minutes long.

Tony Morelan 16:08
That's wonderful. That is great. And that is one of those key things when it comes to you for app developers. They want to create an experience where someone is not just coming in, you know, and like playing a game for a few minutes, and then they're gone. Retention is such a key component to creating a successful app. How do you guys generate revenue?

Maria Ly 16:29
We're going to trainer is a free application, and we offer in-app purchase subscription. That would be the Pro Plus membership option. So that's offered at 699 a month, and it's a reoccurring subscription. And we also offer our one-on-one online training platform, and the trainer sets the price, and on average, it's between 50 to $200 a month, and we take a platform fee.

Tony Morelan 16:52
I love that, that, that you offer that, that opportunity for people who want to really, you know, find that personal one on one trainer, but yet your app also is available at an affordable price just for the general community. I think that is, that is great, because it makes it easy for people to give it a try and see if they like it, and then decide maybe they want to, you know, get more involved with the app.

Maria Ly 17:13
Oh, for sure. And sometimes our trainers offer one on one training with free trials, so we offer a free trial period as well.

Tony Morelan 17:19
Oh, that's great. That is, that it's, that's wonderful. Yeah. So what advice would you give developers looking to bring their app to Galaxy Store?

Maria Ly 17:29
Oh, I would definitely encourage folks to get on the Samsung platform because, as you guys know, around the world, like, there are so many people that are using Samsung devices, be it the smartphones, tablets, or the smartwatches. And so being on the platform will just bring more visibility to your application, and it's an opportunity to grow your user base naturally.

Tony Morelan 17:52
Tell me, what is in the future first Skimble?

Maria Ly 17:55
So we've focused on creating great content, and we're going to continue doing that, working on providing a platform where people can access more multimedia content, from trainer created content, workouts created and led by your famous YouTube fitness celebrities, and so forth. So for us with Workout Trainer, we want to create and serve the best content for you, so that personalized experience where you can have instant access to follow along content for your fitness journey.

Tony Morelan 18:28
That's, that's wonderful. You know, this, this past year, there's been a really big push for diversity and inclusion. Tell me, what is Skimble doing related to that?

Maria Ly 18:38
I think from the start with Skimble and growing our early team, I always wanted to have a group of great folks, not just, like, industry people, but trainers and everybody that has been involved, to reflect the people who are actually using the application. And so, you know, I was not specifically seeking out extreme diversity, but by just me wanting to talk to all kinds of folks from around the world, trainers who had, you know, a focus on high intensity training versus Pilates, yoga studio style backgrounds. And we have so many different trainers demonstrating our exercises. Our exercise database library, I believe, has grown to be the largest out there, with trainers who are very diverse. You know, they look like me and you and all the other folks who use the application. So I hope that the application offers content that feels diverse in the type of content it provides, and also the friendly faces who are demonstrating the exercises.

Tony Morelan 19:47
That's great. So recently, we did a blog feature on you for International Women's Day, you know, being a woman leading a tech company. Tell me, what advice would you give young women looking to start a career are in tech?

Maria Ly 20:01
You know, more than ever before, women are breaking barriers. So, you know, having their voices heard within tech, within athletics, within all sorts of fields, you know, having them be out there doing the work that they love, living their best life. And if that means, you know, being a leader in technology, or, you know, a developer, an engineering manager, there are so many roles within tech that you could pursue. And if you have an early appetite for some of the math and science classes, you know, a technology career could be for you. So just pursue it and explore it, and you could be your own boss, even. There are so many opportunities now more than ever, I would say, where you can have the mentorship and support and encouragement from not just, you know, the leaders, the your male counterparts, the females in the space, who maybe have been there for a few years. Even for me, you know, I do like advising and investing in women led companies in something that inspires me, because I want to see the young females take charge and create amazing products for our future generation and, you know, my children even. I'm excited for the future and what it can bring for all folks.

Tony Morelan 21:18
Yeah, no, that's, that's wonderful. In that blog, I'm going to link to it. It was a great interview; you actually went into great detail on some of these areas that would really help inspire women and young women to really get started into this tech industry. So Maria, it was excellent to chat with you and learn much more about, you know, Workout Trainer and all the great things that you guys are doing it's Skimble. Let me ask you, what is it that you do for fun when you are not working?

Maria Ly 21:45
Well, I have two kids, they can be quite busy. On my off hours, we are doing a lot of different activities. For instance, over the weekend, I took my son to his first gymnastics class, and then we went skiing, because we're in Salt Lake and it's the end of the season. He went out his first black even. So just seeing the young guys, they're leading the charge there and I'm just trying to keep up. In addition, when there's a little downtime, I do like to have some focus over for home cooked meal and a board game or two. So I actually like playing strategy board games, so that's one of my little-known passions as well.

Tony Morelan 22:25
That's wonderful. That's wonderful. I love a good time with friends, food and fun game activity. Well, hey, Maria, it was great to have you on the podcast. I really enjoy you taking the time to chat.

Maria Ly 22:35
Likewise, Tony.

Closing 22:37
Looking to start creating for Samsung? Download the latest tools to code your next app, or get software for designing apps without coding at all. Sell your apps to the world on the Samsung Galaxy Store. Check out developer.samsung.com today and start your journey with Samsung.

Tony Morelan 22:53
The Samsung Developers Podcast is hosted by Tony Morelan and produced by Jeanne Hsu.
Develop Samsung Wallet
Doc: Business Support for Special Purposes

Overview

Once partner service onboarding is complete, it is possible to create your own templates such as boarding passes, coupons and tickets into Samsung Wallet. For creating a new kind of wallet, base template creation is needed before actual wallet card creation. In general, wallet card creation and modification are possible through the 'Wallet Partners Portal'. However, a server API is provided for cases where it is necessary to manage a large number of cards. Cards created through API can also be checked and managed in the same way on the 'Wallet Partners Portal'.

Changes to each card status can be processed at the 'Wallet Partners Portal', and information on how to change them should be checked through the partner server portal guide. The description of each state is as follows.

State: Description
Draft: When a wallet card is created for the first time, it becomes a "Draft" state. In this state, all setting values can be modified.
Verifying: In order for the card to launch and activate, it must go through the verification step. The "Verifying" state is a step in which the administrator requests approval in order to be verified. In order to be verified, at least one CSR must be registered and general information must be configured.
Rejected: The administrator registers the reason for rejection when rejecting the launched wallet card. It is sent to the partner by email from the system, including the reason for rejection. Partners can apply for launch again by checking the reason for rejection and modifying the wallet card information.
Active: The administrator has approved partner's requests. The card is activated, and the activation cannot be canceled. When the card is activated, it is made visible to the user.
Blocked: The activated card has been blocked. This function can only be performed by the administrator.

For reference, the "testing mode" is maintained on after the card is created, and it is impossible to turn on the "testing mode"
again after the "testing mode" is turned off. Even if the card is active, if the testing mode is on, the service is not normal. The testing mode must be changed to off.

It is now possible to add wallet cards to a user's wallet. Wallet cards are added as described in 'Add to Samsung Wallet', but in special cases, wallet cards can be added automatically only to allowed partners without user interaction.

API guidelines

'Adding wallet card templates' defines interfaces for providers to conveniently create wallet cards to Samsung Wallet. The generated wallet card templates can be managed for updates using 'Updating wallet card templates'. Authorized partners can add wallet cards to users directly from the partner server using 'Adding wallet cards' below.

[Service domain]
Environment: Domain
Public domain: https://tsapi-card.walletsvc.samsung.com

Adding wallet card templates

This chapter describes how to create wallet card to Samsung Wallet.

[Request]
Method: POST
URL: /partner/v1/card/template
Headers:
  Authorization (string(1024), required): Credential token. The token can have prefix "Bearer" as an authorization type, i.e., Bearer <credentials>.
  x-smcs-partner-id (string(32), required): Partner ID.
  x-request-id (string(32), required): Request identifier. Random generated UUID string.
  x-smcs-cc2 (string(2), required): Country code (ISO-3166-1 alpha-2) of user account.
Body parameters:
  ctemplate (object, required): Tokenized card template. Actual payload data in basic JSON format to communicate between partners and Samsung Wallet. This must be secured in JWT (JSON Web Token) format. * See the chapter Security for more details.
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID. Unique value for each template created by a partner. This value is set to a number of 19 digits or less.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), required): Main headquarters location code. Refer to ISO-3166-1 alpha-2 for the country code.
  cardtemplate.cardtype (string(100), required): Template card type. Refer to Wallet Cards.
  cardtemplate.subtype (string(100), required): Template card sub type. Refer to Wallet Cards.
  cardtemplate.designtype (string(100), optional): The value that defines the design type of the wallet card. Refer to Wallet Cards.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL. The maximum size of that image is 1024*1024. E.g. http://www.yourdomain.com/banner_logo_image.png
  cardtemplate.saveinserveryn (string(1), optional): Sets whether to save the card data. This value can only be set in the 'id card' type.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.nonetworksupportyn (string(1), optional): Sets whether to support to open the wallet card under 'no network' status. This feature cannot be modified after the wallet card is approved. Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Sets whether to support to sharing function. This feature cannot be modified after the wallet card is approved. Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): If this value is set, user authentication is required when using the card, to protect the user's sensitive information. Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): This value is screen capture prevention flag. Whether the contents view prevents screen capture.
  cardtemplate.category (string(20), optional): This item can only be set if the card type is "generic". Set the category to get more detailed statistical information. E.g. parking_pass, membership, reservations, insurance, health, receipt, coupon_stamp, note, photo, others.
  cardtemplate.prtnrcarddata (string(1000), optional): Partner URL of <get card data>. Check the URL format below and implement API according to URI. Refer to Partner Server API specification. E.g. https://yourdomain
  cardtemplate.prtnrcardstate (string(1000), optional): Partner URL of <get card state>. Check the URL format below and implement API according to URI. Refer to Partner Server API specification. E.g. https://yourdomain
  cardtemplate.prtnrmempoint (string(1000), optional): Partner URL of <get membership point>.
  cardtemplate.cardmetacp (string(1000), optional): Partner URL of <get card meta cp>.
  cardtemplate.getfulfillmentlist (string(1000), optional): Partner URL of <get fulfillment list>.
  cardtemplate.prtnrbalance (string(1000), optional): Partner URL of <get card balance>.
  cardtemplate.state (string(15), optional): When creating a card, it can be used to create the card's state as a "verifying" state rather than a "draft" state. You can only choose "draft" or "verifying". * Default 'draft'.
  cardtemplate.desc (string(500), optional): Description.

Example

* Example card template object

    {
      "prtnrid": "4083254626439156160",
      "templaterefid": "123456781864545365",
      "title": "coupon",
      "countrycode": "kr",
      "cardtype": "coupon",
      "subtype": "others",
      "nonetworksupportyn": "n",
      "sharebuttonexposureyn": "y"
    }

* Example

    POST /partner/v1/card/template
    [headers]
    Authorization: eyjjdhkioijbvvriiiwidmvyijoxlcjwyxj0bmvyswqioiixmjg1o
    x-smcs-partner-id: partner-id-0001
    x-request-id: req-202303140003
    x-request-cc2: kr
    [payload]
    { "ctemplate": "eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0z…" }

[Response]
HTTP status: 200 OK
Payload:
  cardid: Wallet card ID.
Example:

    200 OK
    { "cardid": "3hdpejr6qi380", "resultcode": "0", "resultmessage": "success" }

[Result]
HTTP status code: Description
200: 200 OK
400: 400 Bad Request. Requests cannot or will not be processed the request due to something that is perceived to be a client error.
401: 401 Unauthorized. Authorization token is invalid or expired.
500: 500 Internal Server Error
503: 503 Service Unavailable

Updating wallet card templates

Wallet card templates updated through API can also be checked and managed in the same way on the 'Wallet Partners Portal'. Partners can manage all wallet cards they have created.

[Request]
Method: POST
URL: /partner/v1/card/template?cardid={card id}
Headers:
  Authorization (string(1024), required): Credential token. The token can have prefix "Bearer" as an authorization type, i.e., Bearer <credentials>.
  x-smcs-partner-id (string(32), required): Partner ID.
  x-request-id (string(32), required): Request identifier. Random generated UUID string.
  x-smcs-cc2 (string(2), required): Country code (ISO-3166-1 alpha-2) of user account.
Path parameters: n/a
Query parameter:
  card id (string(32), required): Wallet card identifier granted from partner portal. * It exists when updating a specific card template.
Body parameters:
  ctemplate (object, required): Tokenized card template. Actual payload data in basic JSON format to communicate between partners and Samsung Wallet. This must be secured in JWT (JSON Web Token) format. * See the chapter Security for more details.
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.cardid (string(32), required): cardid received a response when creating a card.
  cardtemplate.templaterefid (string(19), required): Partner template ID. Unique value for each template created by a partner. This value is set to a number of 19 digits or less.
  cardtemplate.title (string(32), optional): Wallet card name.
  cardtemplate.countrycode (string(2), optional): Main headquarters location code. Refer to ISO-3166-1 alpha-2 for the country code.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL. The maximum size of that image is 1024*1024.
  cardtemplate.saveinserveryn (string(1), optional): Sets whether to save the card data. This value can only be set in the 'id card' type.
  cardtemplate.nonetworksupportyn (string(1), optional): Sets whether to support to open the wallet card under 'no network' status. This feature cannot be modified after the wallet card is approved. Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Sets whether to support to sharing function. This feature cannot be modified after the wallet card is approved. Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): If this value is set, user authentication is required when using the card, to protect the user's sensitive information. Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): This value is screen capture prevention flag. Whether the contents view prevents screen capture.
  cardtemplate.category (string(20), optional): This item can only be set if the card type is "generic". Set the category to get more detailed statistical information. E.g. parking_pass, membership, reservations, insurance, health, receipt, coupon_stamp, note, photo, others.
  cardtemplate.prtnrcarddata (string(1000), optional): Partner URL of <get card data>. Check the URL format below and implement API according to URI. Refer to Partner Server API specification. E.g. https://yourdomain
  cardtemplate.prtnrcardstate (string(1000), optional): Partner URL of <get card state>. Check the URL format below and implement API according to URI. Refer to Partner Server API specification. E.g. https://yourdomain
  cardtemplate.prtnrmempoint (string(1000), optional): Partner URL of <get membership point>.
  cardtemplate.cardmetacp (string(1000), optional): Partner URL of <get card meta cp>.
  cardtemplate.getfulfillmentlist (string(1000), optional): Partner URL of <get fulfillment list>.
  cardtemplate.prtnrbalance (string(1000), optional): Partner URL of <get card balance>.
  cardtemplate.state (string(15), optional): If the card status is "draft", you can only select "verifying".
  cardtemplate.testingmodeoff (string(1), optional): This value can be set only when the card status is active. Normal service is possible only when the testing mode is changed to off. * Default 'n'.
  cardtemplate.desc (string(500), optional): Description.

Example

* Example card template object

    {
      "prtnrid": "4083254626439156160",
      "cardid": "3hdpejr6qi380",
      "templaterefid": "123456781864545365",
      "title": "coupon",
      "countrycode": "kr",
      "nonetworksupportyn": "n",
      "sharebuttonexposureyn": "y"
    }

* Example

    POST /partner/v1/card/template?cardid=3hdpejr6qi380
    [headers]
    Authorization: eyjjdhkioijbvvriiiwidmvyijoxlcjwyxj0bmvyswqioiixmjg1o
    x-smcs-partner-id: partner-id-0001
    x-request-id: req-202303140003
    x-request-cc2: kr
    [payload]
    { "ctemplate": "eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0z…" }

[Response]
HTTP status: 200 OK
Payload:
  cardid: Wallet card ID.
Example:

    200 OK
    { "cardid": "3hdpejr6qi380", "resultcode": "0", "resultmessage": "success" }

[Result]
HTTP status code: Description
200: 200 OK
400: 400 Bad Request. Requests cannot or will not be processed the request due to something that is perceived to be a client error.
401: 401 Unauthorized. Authorization token is invalid or expired.
500: 500 Internal Server Error
503: 503 Service Unavailable

Adding wallet cards

A typical addition to wallet card is triggered by user interaction, such as pressing the 'Add to Wallet' button or link. However, if the user consents, we support automatically adding a wallet card to the user for a special purpose. This is an API that allows partners to provide wallet cards to users. The request payload must contain information about the target to which the card is to be added. This information may be related to your account, or it may be information about a card that is already registered. Then the user device is notified of card registration through a push notification. Partners wishing to use this API must be granted permission by an administrator.

[Card data specification]
Card ID: {card id} is an ID issued when the partner manager signs up for partner services and register the wallet card they want to service. Refer to Partner Onboarding Guide document for details.
cdata: Actual payload data in basic JSON format to communicate between partners and Samsung Wallet. See the details on the below sheet.
Card data token: The specific wallet card data mentioned as cdata must be secured in JWT (JSON Web Token)
format. See a chapter Security for details.

[Request]
Method: POST
URL: /{cc2}/atw/v1/cards/{card id}
Headers:
  Authorization (string(1024), required): Credential token. The token can have prefix "Bearer" as an authorization type, i.e., Bearer <credentials>.
  x-smcs-partner-id (string(32), required): Partner ID.
  x-request-id (string(32), required): Request identifier. Random generated UUID string.
  x-smcs-cc2 (string(2), required): Country code (ISO-3166-1 alpha-2) of user account.
Path parameters:
  cc2 (string(2), conditional): Country code (ISO-3166-1 alpha-2). * Required if using public domain.
  card id (string(32), required): Wallet card identifier granted from partner portal.
Body parameters:
  cdata (object, required): Actual payload data in basic JSON format to communicate between partners and Samsung Wallet. This must be secured in JWT (JSON Web Token) format. * See the chapter Security for more details.
Payload object:
  card (object, required): Wallet card object.
  card.type (string(16), required): Wallet card type. * See Wallet Cards.
  card.subtype (string(16), required): Wallet card sub type. * See Wallet Cards.
  card.data[] (array of object, required): Wallet card data container.
  data[].refid (string(32), required): A unique content identifier defined by the content provider.
  data[].createdat (long(13), required): Data creation timestamp. Epoch timestamp in milliseconds. * UTC±00:00
  data[].updatedat (long(13), required): Data update timestamp. Epoch timestamp in milliseconds. * UTC±00:00
  data[].language (string(8), required): Default card language code. E.g. en, ko.
  data[].attributes (object, required): Container of attributes.
  data[].attributes.{fields} (required): Attributes fields by card type. * See Wallet Cards.
  data[].localization[] (array of object, optional): Container of localized language. * See Wallet Cards.
  localization[].language (string(8), required): Multilingual content language code. E.g. en, ko.
  localization[].attributes.{fields}: For displaying a given language, 'data[].attributes' can be replaced by localized versions. * See Wallet Cards.
  account (object, conditional): User account object.
  account.type (string(16), required): Type of user identifier. E.g. phonenumber, email.
  account.value (string(64), required): User identifier.

Example

* Example card object (* for "attributes", refer to Wallet Cards)

    {
      "card": {
        "type": "ticket",
        "subtype": "movies",
        "data": [{
          "refid": "ref-20230304-001",
          "createdat": 1612660039000,
          "language": "en",
          "attributes": {
            "title": "samsung wallet",
            "mainimg": "https:// /main.png"
          },
          "localization": [{
            "language": "ko",
            "attributes": { "title": "삼성 월렛" }
          }]
        }]
      },
      "account": { "type": "phonenumber", "value": "+821012345678" }
    }

* Example

    POST /atw/v1/cards/1656147182764415319
    [headers]
    Authorization: eyjjdhkioijbvvriiiwidmvyijoxlcjwyxj0bmvyswqioiixmjg1o
    x-smcs-partner-id: partner-id-0001
    x-request-id: req-202303140003
    x-request-cc2: kr
    [payload]
    { "cdata": "eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0z…" }

[Response]
HTTP status: 200 OK
Payload: n/a
Example: 200 OK

[Result]
HTTP status code: Description
200: 200 OK
400: 400 Bad Request. Requests cannot or will not be processed the request due to something that is perceived to be a client error.
401: 401 Unauthorized. Authorization token is invalid or expired.
500: 500 Internal Server Error
503: 503 Service Unavailable

Resources

Wallet card templates & attributes

Boarding pass

Card type: boardingpass
Sub type: airlines, train, buses
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), conditional): Main headquarters location. * Required when creating a template.
  cardtemplate.cardtype (string(100), conditional): This value set "boardingpass". * Required when creating a template.
  cardtemplate.subtype (string(100), conditional): Select from these values: "airlines", "trains", "buses". * Required when creating a template.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL.
  cardtemplate.nonetworksupportyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): Screen capture prevention flag.
  cardtemplate.state (string(15), optional): Wallet card's state. * Default 'draft'.
  cardtemplate.testingmodeoff (string(1), optional): Testmode off. Either 'y' or 'n'. * Default 'n'. Available only when updating templates.
  cardtemplate.desc (string(500), optional): Description.

    {
      "cardtemplate": {
        "prtnrid": "4082825513190138240",
        "templaterefid": "2138240408282551312",
        "title": "wallet card title",
        "prtnrapppckgname": "prtnrapppckgname",
        "countrycode": "us",
        "desc": "desc",
        "cardtype": "boardingpass",
        "subtype": "airlines",
        "applogoimg": "http://www.yourdomain.com/banner_logo_image.png",
        "nonetworksupportyn": "n",
        "sharebuttonexposureyn": "y",
        "privacymodeyn": "n",
        "preventcaptureyn": "n"
      }
    }

Event ticket

Card type: ticket
Sub type: performances, sports, movies, entrances, others
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), conditional): Main headquarters location. * Required when creating a template.
  cardtemplate.cardtype (string(100), conditional): This value set "ticket". * Required when creating a template.
  cardtemplate.subtype (string(100), conditional): Select from these values: performances, sports, movies, entrances, others. * Required when creating a template.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL.
  cardtemplate.nonetworksupportyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): Screen capture prevention flag.
  cardtemplate.state (string(15), optional): Wallet card's state. * Default 'draft'.
  cardtemplate.testingmodeoff (string(1), optional): Testmode off. Either 'y' or 'n'. * Default 'n'. Available only when updating templates.
  cardtemplate.desc (string(500), optional): Description.

    {
      "cardtemplate": {
        "prtnrid": "4082825513190138240",
        "templaterefid": "2138240408282551314",
        "title": "wallet card title",
        "prtnrapppckgname": "prtnrapppckgname",
        "countrycode": "us",
        "desc": "desc",
        "cardtype": "ticket",
        "subtype": "entrances",
        "applogoimg": "http://www.yourdomain.com/banner_logo_image.png",
        "nonetworksupportyn": "n",
        "sharebuttonexposureyn": "n",
        "privacymodeyn": "n",
        "preventcaptureyn": "n"
      }
    }

Coupon

Card type: coupon
Sub type: others
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), conditional): Main headquarters location. * Required when creating a template.
  cardtemplate.cardtype (string(100), conditional): This value set "coupon". * Required when creating a template.
  cardtemplate.subtype (string(100), conditional): This value set "others". * Required when creating a template.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL.
  cardtemplate.nonetworksupportyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): Screen capture prevention flag.
  cardtemplate.state (string(15), optional): Wallet card's state. * Default 'draft'.
  cardtemplate.testingmodeoff (string(1), optional): Testmode off. Either 'y' or 'n'. * Default 'n'. Available only when updating templates.
  cardtemplate.desc (string(500), optional): Description.

    {
      "cardtemplate": {
        "prtnrid": "4082825513190138240",
        "templaterefid": "2138240408282551313",
        "title": "wallet card title",
        "prtnrapppckgname": "prtnrapppckgname",
        "countrycode": "us",
        "desc": "desc",
        "cardtype": "coupon",
        "subtype": "others",
        "applogoimg": "http://www.yourdomain.com/banner_logo_image.png",
        "nonetworksupportyn": "n",
        "sharebuttonexposureyn": "y",
        "privacymodeyn": "n",
        "preventcaptureyn": "n"
      }
    }

Gift card

Card type: giftcard
Sub type: others
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), conditional): Main headquarters location. * Required when creating a template.
  cardtemplate.cardtype (string(100), conditional): This value set "giftcard". * Required when creating a template.
  cardtemplate.subtype (string(100), conditional): This value set "others". * Required when creating a template.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL.
  cardtemplate.nonetworksupportyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): Screen capture prevention flag.
  cardtemplate.state (string(15), optional): Wallet card's state. * Default 'draft'.
  cardtemplate.testingmodeoff (string(1), optional): Testmode off. Either 'y' or 'n'. * Default 'n'. Available only when updating templates.
  cardtemplate.desc (string(500), optional): Description.

    {
      "cardtemplate": {
        "prtnrid": "4082825513190138240",
        "templaterefid": "2138240408282551315",
        "title": "wallet card title",
        "prtnrapppckgname": "prtnrapppckgname",
        "countrycode": "us",
        "desc": "desc",
        "cardtype": "gift",
        "subtype": "others",
        "applogoimg": "http://www.yourdomain.com/banner_logo_image.png",
        "nonetworksupportyn": "n",
        "sharebuttonexposureyn": "y",
        "privacymodeyn": "n",
        "preventcaptureyn": "n"
      }
    }

Loyalty

Card type: loyalty
Sub type: others
Payload object:
  cardtemplate (object, required): Wallet card template object.
  cardtemplate.prtnrid (string(32), required): Partner ID.
  cardtemplate.templaterefid (string(19), required): Partner template ID.
  cardtemplate.title (string(32), required): Wallet card name.
  cardtemplate.countrycode (string(2), conditional): Main headquarters location. * Required when creating a template.
  cardtemplate.cardtype (string(100), conditional): This value set "loyalty". * Required when creating a template.
  cardtemplate.subtype (string(100), conditional): This value set "others". * Required when creating a template.
  cardtemplate.prtnrapppckgname (string(128), optional): App package name.
  cardtemplate.applogoimg (string(200), optional): Banner logo image URL.
  cardtemplate.nonetworksupportyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.sharebuttonexposureyn (string(1), optional): Either 'y' or 'n'. * Default 'y'.
  cardtemplate.privacymodeyn (string(1), optional): Either 'y' or 'n'. * Default 'n'.
  cardtemplate.preventcaptureyn (string(1), optional): Screen capture prevention flag.
  cardtemplate.state (string(15), optional): Wallet card's state. * Default 'draft'.
  cardtemplate.testingmodeoff (string(1), optional): Testmode off. Either 'y' or 'n'. * Default 'n'. Available only when updating templates.
  cardtemplate.desc (string(500), optional): Description.

    {
      "cardtemplate": {
        "prtnrid": "4082825513190138240",
        "templaterefid": "2138240408282551316",
        "title": "wallet card title",
        "prtnrapppckgname": "prtnrapppckgname",
        "countrycode": "us",
        "desc": "desc",
        "cardtype": "loyalty",
        "subtype": "others",
        "applogoimg": "http://www.yourdomain
com/banner_logo_image png", "nonetworksupportyn" "n", "sharebuttonexposureyn" "n", "privacymodeyn" "n", "preventcaptureyn" "n" } } id card card type idcard sub type employees, nationals , drivers, others type value description payload object cardtemplate object required wallet card template object cardtemplate prtnrid string 32 required partner id cardtemplate templaterefid string 19 required partner template id cardtemplate title string 32 required wallet card name cardtemplate countrycode string 2 conditional main headquarters location* required when creating a template cardtemplate cardtype string 100 conditional this value set “idcard”* required when creating a template cardtemplate subtype string 100 conditional select from these values employees, nationals , drivers,others* required when creating a template cardtemplate saveinserveryn string 2 optional either 'y' or 'n'* default 'y' cardtemplate prtnrapppckgname string 128 optional app package name cardtemplate applogoimg string 200 optional banner logo image url cardtemplate nonetworksupportyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate sharebuttonexposureyn string 1 optional either 'y' or 'n'* default 'y' cardtemplate privacymodeyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate preventcaptureyn string 1 optional screen capture prevention flag cardtemplate state string 15 optional wallet card's state* default 'draft' cardtemplate testingmodeoff string 1 optional testmode off either 'y' or 'n'* default ‘n’available only when updating templates cardtemplate desc string 500 optional description { "cardtemplate" { "prtnrid" "4082825513190138240", "templaterefid" "2138240408282551317", "title" "wallet card title", "prtnrapppckgname" "prtnrapppckgname", "countrycode" "us", "desc" "desc", "cardtype" "idcard", "subtype" "employees", "applogoimg" "http //www yourdomain com/banner_logo_image png", "saveinserveryn" "y", "nonetworksupportyn" "n", "sharebuttonexposureyn" "y", 
"privacymodeyn" "n", "preventcaptureyn" "n" } } pay as you go card type payasyougo sub type evcharges type value description payload object cardtemplate object required wallet card template object cardtemplate prtnrid string 32 required partner id cardtemplate templaterefid string 19 required partner template id cardtemplate title string 32 required wallet card name cardtemplate countrycode string 2 conditional main headquarters location* required when creating a template cardtemplate cardtype string 100 conditional this value set “payasyougo”* required when creating a template cardtemplate subtype string 100 conditional this value set “evcharges”* required when creating a template cardtemplate prtnrapppckgname string 128 optional app package name cardtemplate applogoimg string 200 optional banner logo image url cardtemplate nonetworksupportyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate sharebuttonexposureyn string 1 optional either 'y' or 'n'* default 'y' cardtemplate privacymodeyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate preventcaptureyn string 1 optional screen capture prevention flag cardtemplate state string 15 optional wallet card's state* default 'draft' cardtemplate testingmodeoff string 1 optional testmode offeither 'y' or 'n'* default ‘n’available only when updating templates cardtemplate desc string 500 optional description { "cardtemplate" { "prtnrid" "4082825513190138240", "templaterefid" "2138240408282551318", "title" "wallet card title", "prtnrapppckgname" "prtnrapppckgname", "countrycode" "us", "desc" "desc", "cardtype" "payasyougo", "subtype" "evcharges", "applogoimg" "http //www yourdomain com/banner_logo_image png", "nonetworksupportyn" "n", "sharebuttonexposureyn" "y", "privacymodeyn" "n", "preventcaptureyn" "n" } } generic card card type generic sub type others type value description payload object cardtemplate object required wallet card template object cardtemplate prtnrid string 32 required partner id 
cardtemplate templaterefid string 19 required partner template id cardtemplate title string 32 required wallet card name cardtemplate countrycode string 2 conditional main headquarters location* required when creating a template cardtemplate cardtype string 100 conditional this value set “generic”* required when creating a template cardtemplate subtype string 100 conditional this value set “others”* required when creating a template cardtemplate designtype string 100 optional select from these values “generic 01”, “generic 02”, “generic 03”* default “generic 01” cardtemplate prtnrapppckgname string 128 optional app package name cardtemplate applogoimg string 200 optional banner logo image url cardtemplate nonetworksupportyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate privacymodeyn string 1 optional either 'y' or 'n'* default 'n' cardtemplate preventcaptureyn string 1 optional screen capture prevention flag cardtemplate category string 20 optional select from these values “parking_pass”, “membership”, “reservations”, “insurance”, “health”, “receipt”, “coupon_stamp”, “note”, “photo”, “others” cardtemplate state string 15 optional wallet card's state* default 'draft' cardtemplate testingmodeoff string 1 optional testmode offeither 'y' or 'n'* default ‘n’available only when updating templates cardtemplate desc string 500 optional description { "cardtemplate" { "prtnrid" "4082825513190138240", "templaterefid" "2138240408282551319", "title" "wallet card title", "prtnrapppckgname" "prtnrapppckgname", "countrycode" "us", "desc" "desc", "cardtype" "generic", "subtype" "others", "applogoimg" "http //www yourdomain com/banner_logo_image png", "designtype" "generic 02", "nonetworksupportyn" "n", "category" "membership", "privacymodeyn" "n", "preventcaptureyn" "n" } }
Develop Smart TV
Doc: Application Security

This topic describes the security of applications that run on Samsung devices.

Related info: Web Security Testing Guide, OWASP Secure Software Development Lifecycle, Microsoft Security Development Lifecycle (SDL), CWE List Version 4.6

Overview

Security is becoming an important issue with the increase of various smart devices. In order to protect the data of users and businesses, Samsung devices are enhancing security in several layers, from hardware to software. As Samsung device applications are also software driven by Samsung, their security needs to be taken into account. Samsung device applications can store important information such as code, key values, and the personal information of the user, which are important resources that must be protected. These resources can be leaked for a variety of reasons, such as a simple mistake by a developer or hacking by an attacker. To safeguard against this, Samsung device applications need to be developed according to secure by design. In particular, the handling of the user's personal information should comply with the personal information policy of each country.

Secure by design

All software within the devices developed by Samsung is based on the Secure Development Lifecycle (SDL) model. Development is divided into analysis, design, implementation, and testing, and vulnerabilities should be removed by performing a security review at each step. From the same point of view, applications operating on Samsung devices should maintain the same security level. For this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review.

Security in the analysis/design phase

You should identify important information that is stored and transferred and ensure that the information is handled safely. If you receive user input, you should review that you do not require more information than you need and that there is no issue with the input format. You must identify the important information to be used and ensure that the information is not displayed in vulnerable areas in the flow of the program. In particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel. At design time, you must first define the important information that needs to be protected and design a proper way to protect it.

Security in the implementation phase

The application must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities. Important information identified in the design phase should be stored using security techniques such as encryption; make sure that it does not exist in plain text within the program. Establish secure coding rules for each language and proceed with development accordingly. You must use only the minimum permissions required and notify the user of the permissions you use. You should make sure that the secure channel is properly set up on the network and that the latest version of the technology is applied. If you use encryption algorithms, you must use them securely, using verified standard algorithms for which no vulnerabilities have been reported.

Security in the test phase

Security checks must be performed before deployment to prevent security issues, and security must be maintained through maintenance after deployment. Before deployment, it is necessary to verify, through simulated hacking, packet checking, etc., that there is no issue with analysis, design, and implementation when the application is actually operated. After deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible.

Security review process

In order to maintain the security of the application ecosystem, Samsung performs security checks on submitted applications. Samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it.

Application security guide

This section provides basic security guidelines to consider in the development of applications. For a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase.

Data protection

Three key factors for data protection are confidentiality, integrity, and availability. If an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers. It is very important to protect sensitive data such as user credentials or personal information in application security. If the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed.

Definition of sensitive data:
- Personally identifiable information that can be exploited for identity theft, for example, resident registration number, social security number, credit card number, bank account number, health information, etc.
- Sensitive data that can lead to loss of honor and loss of money if leaked.
- All data that must be protected for legal or compliance reasons.

Security item: Data protection
- Sensitive data, such as passwords or PIN data, should not be exposed through the user interface.
- The key values used by the application must not be hardcoded or stored in plain text.
- Sensitive data should not be stored in an application container or external storage.
- Sensitive data should not be recorded in the application log.
- Sensitive data should not be shared with third parties unless it is necessary in the architecture.
- Keyboard cache must be disabled for text inputs that process sensitive data.
- Sensitive data should not be exposed even during internal communication.
- You should ensure that the data stored in client-side storage (e.g. HTML5 local storage, session store, IndexedDB, regular cookie, or Flash cookie) does not contain sensitive data.
- Make sure that you have provided clear T&C for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it.
Reference links: European Union General Data Protection Regulation (GDPR) overview; European Union Data Protection Supervisor - Internet Privacy Engineering Network; Application development privacy guide
Table 1. Data protection security description and reference links

Authentication

If there is a feature for the user to log in to a remote service, it must be configured through security design. Even when most of the logic operates on a remote service, the device must also meet security requirements on how to manage user accounts and sessions.

Security item: Authentication
- If the application provides remote services to the user, user name and password authentication must be performed by the remote service.
- If you use stateful session management, the remote service must authenticate the client request using the randomly generated session identifier, without sending the user's credentials.
- If using stateless token-based authentication, the remote service must provide signed tokens using security algorithms.
- When a user logs out, the remote service must end the existing session.
Table 2. Authentication security description

Access control

An application can access a resource only if it has permission to access it.

Security item: Access control
- The application must require only the minimum access required.
- The application must use privileges that match its permissions and specify the privileges used.
- When accessing user data, make sure that the principle of least privilege is followed.
- Applications must have access to APIs, data files, URLs, controllers, directories, services, and other resources with only the minimal access required.
- You should verify and process all input from external resources and users. This should include data received through the UI, a user-defined URL, inter-process communication (IPC), etc.
- If an application uses a completely unprotected custom URL, you should not export sensitive information.
- Important data or APIs must be protected from access by users other than the data owners.
Reference links: OWASP Cheat Sheet: Access Control
Table 3. Access control security description and reference links

Communications

When the network is used, the application should use a secured channel so that transmitted and received content is not exposed.

Security item: Communications
- Data must be encrypted on the network using TLS (Transport Layer Security).
- Secure channels must be used consistently throughout the application.
- The settings of the secure channel must be configured to protect information safely.
- The data being transmitted must be protected from being snatched or taken over in the middle (e.g. defence against man-in-the-middle attacks).
Reference links: OWASP - TLS Cheat Sheet
Table 4. Communications security description and reference links

Input validation

You must defend against command injection attacks by validating input values. Input value validation should be considered at all stages of development.

Security item: Input validation
- Input data must be classified by type and content and by applicable laws, regulations and other policy compliance requirements, and how to handle it must be defined.
- You must ensure that input validation is performed on a trusted service layer.
- You need to check whether the application protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation.
- All possible input values (e.g. HTML form fields, REST requests, URL parameters, HTTP headers, cookies, batch files, RSS feeds, etc.) must be checked using validation (e.g. whitelist).
- You should check whether the values entered are in the correct form according to well-defined schemas, including allowed characters, lengths, and patterns.
- URL redirects and forwards should allow only whitelisted targets, or display a warning that you are connecting to potentially untrusted content.
- Make sure you use memory-safe strings, secure memory copy, and pointer arithmetic to detect or prevent stack, buffer, or heap overflows.
- In order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used.
Reference links: XML External Entity (XXE) Prevention Cheat Sheet; Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Table 5. Input validation security description and reference links

Password management

For applications that use separate user passwords, security settings are required for those passwords.

Security item: Password management
- You must ensure that the password does not contain spaces and that cut/copy cannot be performed on it.
- In the password change feature, you should check that both the user's current password and the new password are required.
- It is recommended to provide a password strength meter so that users can set a stronger password. It is also recommended to provide rules that limit allowed character types (uppercase letters, numerics, special characters).
- You should recommend that users change their password within an appropriate period.
- Do not store the user password in the application's properties or settings file in plain text or in recoverable form.
- Passwords must be stored, transferred, and compared in a hashed state using a standard hash function.
- To prevent random attacks, you should limit the number of login attempts or use a CAPTCHA.
- Default passwords should not be generated.
- Make sure you do not show key information, such as passwords, in the log.
Reference links: CWE-804: Guessable CAPTCHA; CWE-836: Use of Password Hash Instead of Password for Authentication; CWE-257: Storing Passwords in a Recoverable Format; CWE-261: Weak Encoding for Password; CWE-263: Password Aging with Long Expiration
Table 6. Password management security description and reference links

Session manager

A session is a technique for controlling and maintaining the status of a user or device interacting with a web application. A session has a unique value for each user, and that value must not be guessable or shared.

Security item: Session manager
- You should check that the session token is not exposed or displayed in the application's URL parameters or error messages.
- Make sure the application generates a new session token upon user authentication.
- You should check that the session token is stored using properly secured cookies or other secure methods.
- You should check that a session token is generated using a standard encryption algorithm.
- Make sure the session cannot be reused by verifying that the session token is invalidated on logout and when the session expires.
Reference links: OWASP Session Management Cheat Sheet; Algorithms, Key Size and Parameters Report 2014
Table 7. Session manager security description and reference links

Error handling

The purpose of error handling is to allow applications to provide security events related to monitoring, status checks, and increases in permission, and not just to create logs.

Security item: Error handling
- You must ensure that common error handling formats and access methods are used.
- You must make sure exception handling is used across the code base to account for expected and unexpected error conditions.
- You must ensure that a fallback error handler that catches all unprocessed exceptions is defined.
- In case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information.
- We recommend using separate error codes for error support.
Table 8. Error handling security description

Release

Check the following before releasing the application.

Security item: Release
- The application must be signed and distributed with a valid certificate, and the private key must be properly protected.
- Debugging code and developer support code (test code, back doors, hidden settings, etc.) must be removed.
- Deployed applications should not output or record detailed errors or debugging messages.
- Libraries, frameworks, etc. used by applications should be checked for known vulnerabilities.
- The equipment used for release must be able to respond to external threats (viruses, hacking, etc.).
- The application should be built in release mode.
- No separate debug messages should be left in the application.
- If you include a binary, debug information should be removed.
- If a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version.
Table 9. Release security description
Develop Smart Signage
Doc: Application Security

This topic describes the security of applications that run on Samsung devices.

Related info: Web Security Testing Guide, OWASP Secure Software Development Lifecycle, Microsoft Security Development Lifecycle (SDL), CWE List Version 4.6

Overview

Security is becoming an important issue with the increase of various smart devices. In order to protect the data of users and businesses, Samsung devices are enhancing security in several layers, from hardware to software. As Samsung device applications are also software driven by Samsung, their security needs to be taken into account. Samsung device applications can store important information such as code, key values, and the personal information of the user, which are important resources that must be protected. These resources can be leaked for a variety of reasons, such as a simple mistake by a developer or hacking by an attacker. To safeguard against this, Samsung device applications need to be developed according to secure by design. In particular, the handling of the user's personal information should comply with the personal information policy of each country.

Secure by design

All software within the devices developed by Samsung is based on the Secure Development Lifecycle (SDL) model. Development is divided into analysis, design, implementation, and testing, and vulnerabilities should be removed by performing a security review at each step. From the same point of view, applications operating on Samsung devices should maintain the same security level. For this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review.

Security in the analysis/design phase

You should identify important information that is stored and transferred and ensure that the information is handled safely. If you receive user input, you should review that you do not require more information than you need and that there is no issue with the input format. You must identify the important information to be used and ensure that the information is not displayed in vulnerable areas in the flow of the program. In particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel. At design time, you must first define the important information that needs to be protected and design a proper way to protect it.

Security in the implementation phase

The application must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities. Important information identified in the design phase should be stored using security techniques such as encryption; make sure that it does not exist in plain text within the program. Establish secure coding rules for each language and proceed with development accordingly. You must use only the minimum permissions required and notify the user of the permissions you use. You should make sure that the secure channel is properly set up on the network and that the latest version of the technology is applied. If you use encryption algorithms, you must use them securely, using verified standard algorithms for which no vulnerabilities have been reported.

Security in the test phase

Security checks must be performed before deployment to prevent security issues, and security must be maintained through maintenance after deployment. Before deployment, it is necessary to verify, through simulated hacking, packet checking, etc., that there is no issue with analysis, design, and implementation when the application is actually operated. After deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible.

Security review process

In order to maintain the security of the application ecosystem, Samsung performs security checks on submitted applications. Samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it.

Application security guide

This section provides basic security guidelines to consider in the development of applications. For a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase.

Data protection

Three key factors for data protection are confidentiality, integrity, and availability. If an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers. It is very important to protect sensitive data such as user credentials or personal information in application security. If the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed.

Definition of sensitive data:
- Personally identifiable information that can be exploited for identity theft, for example, resident registration number, social security number, credit card number, bank account number, health information, etc.
- Sensitive data that can lead to loss of honor and loss of money if leaked.
- All data that must be protected for legal or compliance reasons.

Security item: Data protection
- Sensitive data, such as passwords or PIN data, should not be exposed through the user interface.
- The key values used by the application must not be hardcoded or stored in plain text.
- Sensitive data should not be stored in an application container or external storage.
- Sensitive data should not be recorded in the application log.
- Sensitive data should not be shared with third parties unless it is necessary in the architecture.
- Keyboard cache must be disabled for text inputs that process sensitive data.
- Sensitive data should not be exposed even during internal communication.
- You should ensure that the data stored in client-side storage (e.g. HTML5 local storage, session store, IndexedDB, regular cookie, or Flash cookie) does not contain sensitive data.
- Make sure that you have provided clear T&C for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it.
Reference links: European Union General Data Protection Regulation (GDPR) overview; European Union Data Protection Supervisor - Internet Privacy Engineering Network; Application development privacy guide
Table 1. Data protection security description and reference links

Authentication

If there is a feature for the user to log in to a remote service, it must be configured through security design. Even when most of the logic operates on a remote service, the device must also meet security requirements on how to manage user accounts and sessions.

Security item: Authentication
- If the application provides remote services to the user, user name and password authentication must be performed by the remote service.
- If you use stateful session management, the remote service must authenticate the client request using the randomly generated session identifier, without sending the user's credentials.
- If using stateless token-based authentication, the remote service must provide signed tokens using security algorithms.
- When a user logs out, the remote service must end the existing session.
Table 2. Authentication security description

Access control

An application can access a resource only if it has permission to access it.

Security item: Access control
- The application must require only the minimum access required.
- The application must use privileges that match its permissions and specify the privileges used.
- When accessing user data, make sure that the principle of least privilege is followed.
- Applications must have access to APIs, data files, URLs, controllers, directories, services, and other resources with only the minimal access required.
- You should verify and process all input from external resources and users. This should include data received through the UI, a user-defined URL, inter-process communication (IPC), etc.
- If an application uses a completely unprotected custom URL, you should not export sensitive information.
- Important data or APIs must be protected from access by users other than the data owners.
Reference links: OWASP Cheat Sheet: Access Control
Table 3. Access control security description and reference links

Communications

When the network is used, the application should use a secured channel so that transmitted and received content is not exposed.

Security item: Communications
- Data must be encrypted on the network using TLS (Transport Layer Security).
- Secure channels must be used consistently throughout the application.
- The settings of the secure channel must be configured to protect information safely.
- The data being transmitted must be protected from being snatched or taken over in the middle (e.g. defence against man-in-the-middle attacks).
Reference links: OWASP - TLS Cheat Sheet
Table 4. Communications security description and reference links

Input validation

You must defend against command injection attacks by validating input values. Input value validation should be considered at all stages of development.

Security item: Input validation
- Input data must be classified by type and content and by applicable laws, regulations and other policy compliance requirements, and how to handle it must be defined.
- You must ensure that input validation is performed on a trusted service layer.
- You need to check whether the application protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation.
- All possible input values (e.g. HTML form fields, REST requests, URL parameters, HTTP headers, cookies, batch files, RSS feeds, etc.) must be checked using validation (e.g. whitelist).
- You should check whether the values entered are in the correct form according to well-defined schemas, including allowed characters, lengths, and patterns.
- URL redirects and forwards should allow only whitelisted targets, or display a warning that you are connecting to potentially untrusted content.
- Make sure you use memory-safe strings, secure memory copy, and pointer arithmetic to detect or prevent stack, buffer, or heap overflows.
- In order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used.
Reference links: XML External Entity (XXE) Prevention Cheat Sheet; Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Table 5. Input validation security description and reference links

Password management

For applications that use separate user passwords, security settings are required for those passwords.

Security item: Password management
- You must ensure that the password does not contain spaces and that cut/copy cannot be performed on it.
- In the password change feature, you should check that both the user's current password and the new password are required.
- It is recommended to provide a password strength meter so that users can set a stronger password. It is also recommended to provide rules that limit allowed character types (uppercase letters, numerics, special characters).
- You should recommend that users change their password within an appropriate period.
- Do not store the user password in the application's properties or settings file in plain text or in recoverable form.
- Passwords must be stored, transferred, and compared in a hashed state using a standard hash function.
- To prevent random attacks, you should limit the number of login attempts or use a CAPTCHA.
- Default passwords should not be generated.
- Make sure you do not show key information, such as passwords, in the log.
Reference links: CWE-804: Guessable CAPTCHA; CWE-836: Use of Password Hash Instead of Password for Authentication; CWE-257: Storing Passwords in a Recoverable Format; CWE-261: Weak Encoding for Password; CWE-263: Password Aging with Long
expiration table 6 password management security description and reference links session manager a session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application a session has a unique value for each user and cannot guess or share that value security item description session manager you should check that the session token is not exposed/displayed in the application's url parameter or error message make sure the application generates a new session token from user authentication you should check that the session token is stored using properly secured cookies or security methods you should check that a session token is generated using a standard encryption algorithm make sure the session is not reused by verifying that the session token is invalid when logout and session expires reference links owasp session management cheat sheetalgorithms, key size and parameters report 2014 table 7 session manager security description and reference links error handling the purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs security item description error handling you must ensure that common error handling formats and access method are used you must make sure exception handling is used on the code base to explain expected and unexpected error conditions you must ensure that other error handlers that can prepare all unprocessed exceptions are defined in case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information we recommend using separate error codes for error support table 8 error handling security description release check the following before releasing the application security item description release application must be signed and distributed with a valid certificate, and the private key must be properly 
protected debugging code and developer support code test code, back door, hidden settings, etc must be removed deployed applications should not output or record detailed errors or debugging messages libraries and frameworks etc used by applications should be checked for known vulnerabilities the equipment used for release must be able to respond to external threats viruses, hacking, etc it should be built in release mode a separate debug message should not be left from the application if you include binary, debug information should be removed if a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version table 9 release security description
Develop Smart Hospitality Display
Doc: Application Security

This topic describes the security of applications which run on Samsung devices.

Related info: Web Security Testing Guide, OWASP Secure Software Development Lifecycle, Microsoft Security Development Lifecycle (SDL), CWE List Version 4.6

Overview

Security is becoming an important issue with the increase of various smart devices. In order to protect data from users and businesses, Samsung devices are enhancing security in several layers, from hardware to software. As Samsung device applications are also software driven by Samsung, the security needs to be taken into account. Samsung device applications can store important information such as code and key values and personal information of the user, which is an important resource that must be protected. These resources can be leaked due to a variety of reasons, such as a simple mistake by a developer or hacking by an attacker. In order to safeguard this, Samsung device applications need to be developed according to secure by design. In particular, the personal information of the user should comply with the policy related to the personal information for each country.

Secure by design

All software within the devices developed by Samsung is based on the Secure Development Lifecycle (SDL) model, and the development step is divided into analysis, design, implementation, and testing, so vulnerability should be removed by performing a security review at each step. From the same point of view, applications operating on Samsung devices should maintain the same security level. For this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review.

Security in the analysis/design phase

You should identify important information that is stored and transferred and ensure that the information is handled safely. If you receive user input, you should review that you do not require more information than you need, and there is no issue with the input format. You must identify the important information to be used and check whether the information is displayed on vulnerable areas in the flow of the program. In particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel. At the time of designing, you must first define important information that needs to be protected and design it in a proper manner to protect it.

Security in the implementation phase

It must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities. Important information obtained in the design phase should be stored by applying security techniques such as encryption, and you should make sure that it does not exist in plain text within the program. Establish secure coding rules for each language and proceed with development accordingly. You must use only the minimum permissions required and notify the user of the permissions you use. You should make sure that the security channel is properly set on the network, and the latest version of the technology is applied. If you use encryption algorithms, you must use them securely using verified standard algorithms where vulnerabilities are not reported.

Security in test phase

Security checks must be performed before deployment to prevent security issues and maintain security through maintenance after deployment. Before deployment, it is necessary to verify that there is no issue with analysis, design, and implementation when actually operated through simulated hacking, packet checking, etc. After deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible.

Security review process

In order to maintain the security of the application ecosystem, Samsung is performing security checks on the submitted applications. Samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it.

Application security guide

This section provides basic security guidelines to consider in the development of applications. For a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase.

Data protection

Three key factors for data protection are confidentiality, integrity, and availability. If an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers. It is very important to protect sensitive data such as user credentials or personal information in application security. If the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed.

Definition of sensitive data:
- Personally identifiable information that can be exploited for identity theft. For example, resident registration number, social security number, credit card number, bank account number, health information, etc.
- Sensitive data that can lead to loss of honor and loss of money if leaked.
- All data that must be protected for legal or compliance reasons.

Security item: Data protection
Description:
- Sensitive data, such as passwords or PIN data, should not be exposed through the user interface.
- The key values used by the application must not be hardcoded or stored in plain text.
- Sensitive data should not be stored in an application container or external storage.
- Sensitive data should not be recorded in the application log.
- Sensitive data should not be shared with third parties unless it is necessary in the architecture.
- Keyboard cache must be disabled from the text input that processes sensitive data.
- Sensitive data should not be exposed even during internal communication.
- You should ensure that the data stored in the client-side storage (ex: HTML5 local storage, session store, IndexedDB, regular cookie, or Flash cookie) does not contain sensitive data.
- Make sure that you have provided clear T&C for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it.
Reference links:
- European Union General Data Protection Regulation (GDPR) overview
- European Union Data Protection Supervisor - Internet Privacy Engineering Network
- Application development privacy guide
Table 1. Data protection security description and reference links

Authentication

If there is a feature to log in to the remote service by the user, it must be configured through security design. Even when most of the logic is operating on a remote service, the device must also meet security requirements on how to manage user accounts and sessions.

Security item: Authentication
Description:
- If the application provides remote services to the user, user name and password authentication must be performed from the remote service.
- If you use status storage session management, the remote service must authenticate the client request using the randomly generated session identifier without sending the user's credentials.
- If using stateless token-based authentication, the remote services must provide signed tokens using security algorithms.
- When a user logs out, the remote service must end the existing session.
Table 2. Authentication security description

Access control

An application can access a resource only if it has access to it.

Security item: Access control
Description:
- Application must require only the minimum access required.
- Application must use the privileges that match the permissions and specify the privileges used.
- When accessing user data, make sure that the principle of minimum access privilege requirement is followed.
- Applications must have access to APIs, data files, URLs, controllers, directories, services, and other resources with minimal access required.
- You should verify and process all input from external resources and users. This should include data received through the UI, a user-defined URL, inter-process communication (IPC), etc.
- If an application uses a completely unprotected custom URL, you should not export sensitive information.
- Important data or APIs must be protected from user access other than data owners.
Reference links:
- OWASP Cheat Sheet: Access Control
Table 3. Access control security description and reference links

Communications

When the network is used, the application should use a secured channel so that the transmitted/received content is not exposed.

Security item: Communications
Description:
- Data must be encrypted on the network using TLS (Transport Layer Security).
- Security channels must be used consistently throughout the application.
- The setting of the security channel must be configured to protect information safely.
- The data being transmitted must be protected from being snatched/taken over in the middle (ex: defence against man-in-the-middle attack).
Reference links:
- OWASP – TLS Cheat Sheet
Table 4. Communications security description and reference links

Input validation

You must defend against the command insertion attack by validating input values. Input value validation should be considered at all stages of development.

Security item: Input validation
Description:
- Input values must be processed based on type and content, applicable laws, regulations and other policy compliance, and how to handle them must be defined.
- You must ensure that input validation is performed on a trusted service layer.
- You need to check whether it protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation.
- All possible input values (e.g. HTML form fields, REST requests, URL parameters, HTTP headers, cookies, batch files, RSS feeds, etc.) must be checked using validation (ex: whitelist).
- You should check whether the values entered are in the correct form in well-defined schemas, including allowed characters, lengths, and patterns.
- The URL redirection and forward should display a warning that only whitelist targets are allowed or that you are connecting with potentially untrusted content.
- Make sure you use memory-safe strings, secure memory copy, and pointer calculation to detect or prevent stack, buffer, or heap overflows.
- In order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used.
Reference links:
- XML External Entity (XXE) Prevention Cheat Sheet
- Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Table 5. Input validation security description and reference links

Password management

In case of an application with different user passwords, security settings are required for them.

Security item: Password management
Description:
- You must ensure that the password does not contain spaces and cut/copy is not performed.
- In the password change feature, you should check that the user's current password and new password are required.
- It is recommended to provide a password strength meter so that users can set a stronger password.
- It is also recommended to provide rules that limit allowed character types (uppercase letter, numeric, special characters).
- You should check that it is recommended to change your user password within the right due date.
- Do not store the user password in the application's properties or settings file in plain text or recoverable form.
- Passwords must be stored, transferred, and compared in a hashed state using a standard hash function.
- To prevent random attacks, you should use the login limit (number of login) or CAPTCHA.
- Default password should not be generated.
- Make sure you do not show the key information, like passwords, in the log.
Reference links:
- CWE-804: Guessable CAPTCHA
- CWE-836: Use of Password Hash Instead of Password for Authentication
- CWE-257: Storing Passwords in a Recoverable Format
- CWE-261: Weak Encoding for Password
- CWE-263: Password Aging with Long Expiration
Table 6. Password management security description and reference links

Session manager

A session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application. A session has a unique value for each user, and that value cannot be guessed or shared.

Security item: Session manager
Description:
- You should check that the session token is not exposed/displayed in the application's URL parameter or error message.
- Make sure the application generates a new session token from user authentication.
- You should check that the session token is stored using properly secured cookies or security methods.
- You should check that a session token is generated using a standard encryption algorithm.
- Make sure the session is not reused by verifying that the session token is invalid when logout and session expires.
Reference links:
- OWASP Session Management Cheat Sheet
- Algorithms, Key Size and Parameters Report 2014
Table 7. Session manager security description and reference links

Error handling

The purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs.

Security item: Error handling
Description:
- You must ensure that common error handling formats and access method are used.
- You must make sure exception handling is used on the code base to explain expected and unexpected error conditions.
- You must ensure that other error handlers that can prepare all unprocessed exceptions are defined.
- In case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information.
- We recommend using separate error codes for error support.
Table 8. Error handling security description

Release

Check the following before releasing the application.

Security item: Release
Description:
- Application must be signed and distributed with a valid certificate, and the private key must be properly protected.
- Debugging code and developer support code (test code, back door, hidden settings, etc.) must be removed.
- Deployed applications should not output or record detailed errors or debugging messages.
- Libraries and frameworks etc. used by applications should be checked for known vulnerabilities.
- The equipment used for release must be able to respond to external threats (viruses, hacking, etc.).
- It should be built in release mode.
- A separate debug message should not be left from the application.
- If you include binary, debug information should be removed.
- If a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version.
Table 9. Release security description
Distribute Galaxy Store
Doc: Content Publish API

The Content Publish API is used to view, modify, submit, and change the status of apps registered in Galaxy Store Seller Portal and provides programmatic access to the same types of functionality provided by Seller Portal.

The Content Publish API is part of the Galaxy Store Developer API. You must meet all of the requirements of the Galaxy Store Developer API including, but not limited to, creating the access token and including the access token in the authorization header of every Content Publish API call.

For more information about registering apps, app status, or using Seller Portal, refer to the Galaxy Store Seller Portal User Guide.

The following is a quick reference to the Content Publish APIs:

Name | Request | Description
View seller's app list | GET /seller/contentlist | View a list of all of the seller's registered apps.
View seller's app details | GET /seller/contentinfo | View information about one of the seller's registered apps.
Modify app data | POST /seller/contentupdate | Modify app information, including images, icons, and binary files, after an app has been submitted and is for sale in Galaxy Store.
Submit app | POST /seller/contentsubmit | Submit an app for review.
Change app status | POST /seller/contentstatusupdate | Change the status of an app registered in Seller Portal.
Create file upload session ID | POST /seller/createuploadsessionid | Generate a session ID required to upload a file.
File upload | POST /galaxyapi/fileupload | Upload files required for app submission or for updating an app.

Authorization header parameters

Every request must include authorization header parameters which specify the content type, your access token, and service account ID. See Create an Access Token for more information about how to create an access token and service account ID.

Attribute | Type | Description
authorization | string | Required. Use Bearer <your-access-token> where <your-access-token> is the access token you requested from the Galaxy Store authentication server.
service-account-id | string | Required. The service account ID used to create the JWT associated with the access token. Can be found in the Assistance > API Service area of Seller Portal.
content-type | string | Required for POST, PUT, and PATCH requests. Must be application/json.

The following example shows the header used with the Content Publish APIs:

    curl -X content_publish_api_request \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>"

View seller's app list

View a list of all of the seller's registered apps.

Request

    GET /seller/contentlist

Example

    curl -i -X GET \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      "https://devapi.samsungapps.com/seller/contentlist"

Response parameters

Name | Type | Description
contentname | string | Name of the app.
contentid | integer | The unique 12-digit identifier of the app.
contentstatus | string | The status of the app in Seller Portal.
standardprice | double | The standard price in USD (United States of America dollars) that determines the default country-specific price for all distribution countries.
paid | boolean | Whether or not the app download requires a user payment. y: the user must pay to download the app. n: the app is free to download.
modifydate | string | The date the app was last updated in Seller Portal.

Success

    [
      { "contentname": "samsung pay", "contentid": "000001234567", "contentstatus": "registering", "standardprice": null, "paid": "n", "modifydate": "2021-02-23 01:26:26.0" },
      { "contentname": "samsung health", "contentid": "000002345678", "contentstatus": "for_sale", "standardprice": "0", "paid": "n", "modifydate": "2021-02-23 00:23:19.0" },
      { "contentname": "samsung gallery", "contentid": "000003456789", "contentstatus": "ready_for_change", "standardprice": "0", "paid": "n", "modifydate": "2021-02-22 23:40:46.0" },
      { "contentname": "samsung music", "contentid": "000004567890", "contentstatus": "ready_to_preexamination", "standardprice": "10", "paid": "y", "modifydate": "2021-02-18 06:48:08.0" },
      { "contentname": "smartthings", "contentid": "000009876543", "contentstatus": "under_content_review", "standardprice": "0", "paid": "n", "modifydate": "2020-10-06 06:44:35.0" },
      { "contentname": "galaxy wearable", "contentid": "000008765432", "contentstatus": "canceled", "standardprice": "0", "paid": "n", "modifydate": "2020-08-11 04:40:27.0" }
    ]

Note: The contentstatus of registering returned by the API is the same as the Updating state displayed in Seller Portal.

See Failure Response Codes for a list of possible response codes when a request fails.

View seller's app details

View information about one of the seller's registered apps.

Request

    GET /seller/contentinfo

Parameters

Name | Type | In | Description
contentid | string | querystring | Required. The unique 12-digit identifier of the app.

    curl -i -X GET \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      "https://devapi.samsungapps.com/seller/contentinfo?contentid=000007654321"

Response parameters

See the Content Publish API Reference for more information about these parameters.

Success

    [
      {
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "icon": "https://img.samsungapps.com/content/d33aazz11a/2021/0214/iconimage_20210214000000000.png",
        "iconkey": null,
        "contentstatus": "registering",
        "defaultlanguagecode": "eng",
        "applicationtype": "android",
        "longdescription": "the app that solves all your problems.",
        "shortdescription": "",
        "newfeature": "",
        "agelimit": "0",
        "chinaagelimit": "0",
        "opensourceurl": "",
        "privatepolicyurl": "",
        "youtubeurl": "",
        "copyrightholder": "",
        "supportemail": "support@mycompany.com",
        "supportedsiteurl": "",
        "binarylist": [
          {
            "filename": "app_filename.apk", "binaryseq": "1", "versioncode": "3", "versionname": "3",
            "packagename": "my.package.name", "nativeplatforms": null,
            "apiminsdkversion": "26", "apimaxsdkversion": null,
            "iapsdk": "n", "gms": "y", "filekey": null
          }
        ],
        "standardprice": "0",
        "paid": "n",
        "autoaddcountry": false,
        "publicationtype": "01",
        "startpublicationdate": null,
        "stoppublicationdate": "2023-01-02",
        "usexportlaws": true,
        "reviewcomment": null,
        "reviewfilename": null,
        "reviewfilekey": null,
        "edgescreen": null,
        "edgescreenkey": null,
        "edgescreenplus": null,
        "edgescreenpluskey": null,
        "notifyresult": [],
        "sellcountrylist": [
          {"countrycode": "aut", "price": "0"},
          {"countrycode": "deu", "price": "0"},
          {"countrycode": "esp", "price": "0"},
          {"countrycode": "fra", "price": "0"},
          {"countrycode": "ita", "price": "0"},
          {"countrycode": "jpn", "price": "0"},
          {"countrycode": "kor", "price": "0"},
          {"countrycode": "nld", "price": "0"},
          {"countrycode": "tur", "price": "0"}
        ],
        "supportedlanguages": ["deu", "eng", "fra", "ita", "jpn", "kor"],
        "addlanguage": [
          {
            "languagecode": "deu",
            "newfeature": "",
            "description": "the app that solves all your problems.",
            "apptitle": "the best app ever!",
            "screenshots": [
              { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0223/deu/screenimage_202102230000000002.png", "screenshotkey": null, "reuseyn": false },
              { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0223/deu/screenimage_2021022300000000.png", "screenshotkey": null, "reuseyn": false },
              { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0223/deu/screenimage_20210223000000009.png", "screenshotkey": null, "reuseyn": false },
              { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0223/deu/screenimage_202102230000000001.jpeg", "screenshotkey": null, "reuseyn": false }
            ]
          }
        ],
        "screenshots": [
          { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0218/eng/screenimage_20210218000000000.png", "screenshotkey": null, "reuseyn": false },
          { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0218/eng/screenimage_20210218000000001.png", "screenshotkey": null, "reuseyn": false },
          { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0218/eng/screenimage_20210218000000002.png", "screenshotkey": null, "reuseyn": false },
          { "screenshotpath": "https://img.samsungapps.com/content/d33aazz11a/2021/0218/eng/screenimage_20210218000000003.png", "screenshotkey": null, "reuseyn": false }
        ],
        "category": [
          { "name": "others", "type": "one_depth_category" },
          { "name": "music", "type": "general_category" }
        ],
        "heroimage": "https://img.samsungapps.com/content/d33aazz11a/2021/0219/eng/coverimage_20210219000000007.png",
        "heroimagekey": null
      }
    ]

Note: The contentstatus of registering returned by the API is the same as the Updating state displayed in Seller Portal.

See Failure Response Codes for a list of possible response codes when a request fails.

Modify app data

Modify app information, including images, icons, and binary files, after an app has been submitted and is for sale in Galaxy Store.

Tip: To modify an app, use the response from contentinfo to create the input required for this request.

Request

    POST /seller/contentupdate

See the View seller's app details successful response example for the JSON structure. See the Content Publish API Reference for more information about the request parameters.

Note: contentid, defaultlanguagecode, paid, and publicationtype must be included in the request. If you are updating addlanguage, binarylist, screenshots, or sellcountry, these subparameters must be included: addlanguage[{languagecode, description, apptitle}], binarylist[{binaryseq, filekey, gms}], screenshots[{reuseyn}], and sellcountry[{countrycode}]. See the Content Publish API Reference for more information.

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{"contentid": "000007654321", "apptitle": "publish api tester", "icon": null, "iconkey": "5d33bb33-9999-0000-1111-66776633dd99", "contentstatus": "registering", "defaultlanguagecode": "eng", "applicationtype": "android", "longdescription": "test app", "shortdescription": "", "newfeature": "", ... }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

- To replace a screenshot, use the reuseyn and screenshotkey parameters. See screenshots parameters for more information.
- To add to the supportedlanguages, addlanguage, and sellcountrylist parameters, append additional content to the JSON structure.
- To remove all content from the addlanguage, binarylist, screenshots, and sellcountrylist parameters, leave them blank in the request. For example, "addlanguage": "".
- To keep the existing content for these parameters (neither add nor delete content), set them to null. For example, "binarylist": "null".

Examples

Modify app metadata

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "iconkey": "<new-icon-key>",
        "defaultlanguagecode": "eng",
        "longdescription": "new-long-description",
        "shortdescription": "",
        "newfeature": "<new-feature>",
        "agelimit": "0",
        "chinaagelimit": "0",
        "opensourceurl": "",
        "privatepolicyurl": "",
        "youtubeurl": "",
        "copyrightholder": "",
        "supportemail": "support@mycompany.com",
        "supportedsiteurl": "",
        "standardprice": "10",
        "paid": "y",
        "publicationtype": "03",
        "startpublicationdate": "2021-03-31 10:00:00",
        "stoppublicationdate": "2022-01-02",
        "usexportlaws": true,
        "reviewcomment": "<new-review-comment>",
        "reviewfilename": null,
        "reviewfilekey": "<new-review-file-key>",
        "edgescreenkey": "<new-edge-screen-key>",
        "edgescreenpluskey": "<new-edge-screen-plus-key>",
        "notifyresult": [],
        "supportedlanguages": ["deu", "eng", "fra"],
        "heroimagekey": "<new-hero-image-key>",
        "addlanguage": "null",
        "binarylist": "null",
        "screenshots": "null",
        "sellcountrylist": "null"
      }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

Remove and add countries of app sales

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "defaultlanguagecode": "eng",
        "paid": "n",
        "publicationtype": "03",
        "sellcountrylist": [
          {"countrycode": "deu", "price": "0"},
          {"countrycode": "fra", "price": "0"},
          {"countrycode": "gbr", "price": "0"},
          {"countrycode": "usa", "price": "0"},
          {"countrycode": "<new-sell-countrycode1>", "price": "0"},
          {"countrycode": "<new-sell-countrycode2>", "price": "0"},
          {"countrycode": "<new-sell-countrycode3>", "price": "0"},
          {"countrycode": "<new-sell-countrycode4>", "price": "0"}
        ],
        "supportedlanguages": ["deu", "eng", "fra"]
      }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

Remove and add app screenshots

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "defaultlanguagecode": "eng",
        "paid": "n",
        "publicationtype": "03",
        "screenshots": [
          {"reuseyn": true},
          {"screenshotkey": "<update-screenshot-2-key>", "reuseyn": false},
          {"screenshotkey": "<update-screenshot-3-key>", "reuseyn": false},
          {"reuseyn": true},
          {"screenshotkey": "<new-screenshot-5-key>", "reuseyn": false},
          {"screenshotkey": "<new-screenshot-6-key>", "reuseyn": false}
        ]
      }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

Remove additional languages for app

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "defaultlanguagecode": "eng",
        "paid": "n",
        "publicationtype": "03",
        "addlanguage": [
          {
            "languagecode": "<new-addlanguage-1-code>",
            "newfeature": "<new-addlanguage-1-code-new-feature>",
            "description": "<new-addlanguage-1-code-description>",
            "apptitle": "<new-addlanguage-1-code-title>",
            "screenshots": [
              {"screenshotkey": "<new-addlanguage-1-screenshot-1-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-1-screenshot-2-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-1-screenshot-3-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-1-screenshot-4-key>", "reuseyn": false}
            ]
          },
          {
            "languagecode": "<new-addlanguage-2-code>",
            "newfeature": "<new-addlanguage-2-code-new-feature>",
            "description": "<new-addlanguage-2-code-description>",
            "apptitle": "<new-addlanguage-2-code-title>",
            "screenshots": [
              {"screenshotkey": "<new-addlanguage-2-screenshot-1-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-2-screenshot-2-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-2-screenshot-3-key>", "reuseyn": false},
              {"screenshotkey": "<new-addlanguage-2-screenshot-4-key>", "reuseyn": false}
            ]
          }
        ]
      }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

Register binary

    curl -i -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-access-token>" \
      -H "service-account-id: <your-service-account-id>" \
      -d '{
        "contentid": "000007654321",
        "apptitle": "the best app ever!",
        "defaultlanguagecode": "eng",
        "paid": "n",
        "publicationtype": "03",
        "binarylist": [
          {
            "filename": "myapp.apk", "binaryseq": "1", "versioncode": "3", "versionname": "3",
            "packagename": "com.my.app20210330", "nativeplatforms": null,
            "apiminsdkversion": "1", "apimaxsdkversion": null,
            "iapsdk": "n", "gms": "y", "filekey": null
          },
          { "binaryseq": "2", "gms": "y", "filekey": "<new-binary-file-key>" }
        ]
      }' \
      "https://devapi.samsungapps.com/seller/contentupdate"

Response

Success

Status 200 Success

    {
      "ctntid": "000007654321",
      "contentstatus": "registering",
      "httpstatus": "ok",
      "errorcode": null,
      "errormsg": null
    }

Note: The contentstatus of registering returned by the API is the same as the Updating state displayed in Seller Portal.

See Failure Response Codes for a list of possible response codes when a request fails.

Submit app

Submit the app for review. An app must be reviewed before it is offered for sale in Galaxy Store. You can check the status of the app using contentlist or contentinfo. See App Review for more information about the app review process.

Note: Apps must be in the registering state before they can be submitted. This is the same
as the updating state displayed in seller portal request post /seller/contentsubmit parameters name type in description contentid string body required the unique 12-digit identifier of the app curl -i -x post \ -h "content-type application/json" \ -h "authorization bearer <your-access-token>" \ -h "service-account-id <your-service-account-id>" \ -d '{"contentid" "000007654321"}' \ "https //devapi samsungapps com/seller/contentsubmit" response success status 204 no content see failure response codes for a list of possible response codes when a request fails change app status change the status of an app registered in seller portal you can distribute, suspend, or terminate an app request post /seller/contentstatusupdate name type in description contentid string body required the unique 12-digit identifier of the app contentstatus string body required the status to which to change your app set to one of the following values for_sale to distribute an app that has the status of ready_for_sale or ready_for_change suspended to suspend the sale of an app when the app has the status of for_sale terminated to end the sale of an app when the app has the status of suspended curl -i -x post \ -h "content-type application/json" \ -h "authorization bearer <your-access-token>" \ -h "service-account-id <your-service-account-id>" \ -d '{"contentid" "000007654321", "contentstatus" "for_sale"}' \ "https //devapi samsungapps com/seller/contentstatusupdate" response success status 204 no content see failure response codes for a list of possible response codes when a request fails create session id for file upload generate a session id required to upload a file the session id is unique and valid for 24 hours request post /seller/createuploadsessionid curl -i -x post \ "https //devapi samsungapps com/seller/createuploadsessionid" response success status 200 ok { "url" "https //seller samsungapps com/galaxyapi/fileupload", "sessionid" "d7ca6869-128e-4bfb-a56d-674d77f08848" } file upload 
upload files required for app submission or for updating an app the filekey in this response is used in the modify app data request refer to app registration - information on app-related image/video registration for image file requirements notethe base url for this api is different from the rest of the apis on this page https //seller samsungapps com/galaxyapi/ instead of https //devapi samsungapps com/seller/ request post /galaxyapi/fileupload name type in description file string body required file to upload, such as a binary file, image icon, cover image, or screenshot , or zip file game industry age rating certificates or other reference information needed for app review , and type of file sessionid string body required unique id generated by createuploadsessionid curl -i -x post \ -h "content-type multipart/form-data" \ -h "authorization bearer <your-access-token>" \ -h "service-account-id <your-service-account-id>" \ -f "file=@\" /icon_512x512 png\";type=image/png;filename=\"icon_512x512 png\"" \ -f "sessionid=d7ca6869-128e-4bfb-a56d-674d77f08848" \ "https //seller samsungapps com/galaxyapi/fileupload" response success status 200 success { "filekey" "5d33cb93-b399-41c0-9c41-667946736d09", "filename" "icon_512x512 png", "filesize" "86265", "errorcode" null, "errormsg" null } see failure response codes for a list of possible response codes when a request fails failure response codes the following are response codes you may see when the request fails status code and message 400bad request error code error reason in detail invalid request or content error 3001 screenshoturl count is not valid you must include at least four screenshots 3050 invalid price for a paid app if this is a paid app, the price cannot be set to zero 4106 failed to distribute content request error 4125 image upload key cannot be null if you are replacing the screenshot, you must include the screenshotkey 403forbidden 4008 this content is not yours no ownership rights of content 4105 content 
is not ready for distribution unable to submit/change or no ownership rights of contents 4129 content is not ready for distribution unable to submit/change beta application 7001 required parameter is missing file request error 7002 sessionid does not exist to upload the file, please get the sessionid session id does not exist