Architecture

- Keep the SDK in a normal browser page inside the WebView.
- Use a narrow bridge message for admission, errors, and navigation.
- Validate the admission handoff inside your app or backend before protected actions.
Web Page Example
The hosted page can use the React widget.React Native WebView
iOS WKWebView
For iOS, add a message handler and parse the same bridge payload.Android WebView
For Android, enable JavaScript and expose a narrow bridge.Security And Privacy Checklist
- Load only your first-party Fanfare page in the WebView.
- Use HTTPS in production.
- Keep publishable credentials in the web page and secret credentials on your server.
- Send grants to your own app or backend, not to third-party logs.
- Do not encode grants in deep links.
- Show generic customer-safe error copy for gated or denied states.
Testing
- Test a clean app install and a returning session.
- Test WebView reload, app backgrounding, and network interruption.
- Confirm bridge messages are handled once.
- Confirm native checkout receives only the values it needs.
- Confirm screenshots, crash reports, and analytics do not include grants or raw snapshots.