Two-way Strong ¦ Sign In ¦ New User

Application Programming Interface (API)



User Account


Test Environment

Web Application



Session Check

Session Check (Static)


Logout (Static)

Mobile Application

Mobile Login Check

Key Data Fields

Response Messages

Demo Examples

Powered By (Credit)

Technical Support


User Login Check Function

The following steps show how to implement the login check function. The complete source code is available at the end. It isn't necessary to implement this function in every Android activity that requires the user to log in. The function can be implemented in the first activity that opens when the mobile application is launched. The function can also be implemented in the activity that the user will access most frequently such as a main menu activity. A successful response from the Two-way Strong User Authenticator will send a unique session identifier. The software developer can then store this session identifier in the mobile application and use it when accessing other Android activities. Those other activities will rely on the unique session identifier to know who is the user and whether or not the user is logged in. This approach reduces the number of times that the mobile application will need to connect to Two-way Strong.

Note that the test environment is not available for the software developer to test the login check function before moving to the live environment. The developer's implementation runs immediately in the live environment.

Step 1: Replace INSERT API KEY with your API Key.

private static final String apiKey = "INSERT API KEY";

Step 2: Set the layout to the one that you will use in setContentView.


Step 3: Add the getSessionID() method. This method retrieves the user's session identifier from a private preferences file stored in the mobile app. This method is required to send data to the Two-way Strong User Authenticator.

    protected String getSessionID() {
        SharedPreferences pref = getSharedPreferences("TwowayStrongUserInfo", MODE_PRIVATE);
        return pref.getString("sessionID", "");

Step 4: Add the setUserInfo() method. This method saves the user's session identifier and user role in a private preferences file stored in the mobile app.

    protected void setUserInfo(String sessionID, String userRole) {

        SharedPreferences pref = getSharedPreferences("TwowayStrongUserInfo", MODE_PRIVATE);
        SharedPreferences.Editor prefEdit = pref.edit();
        prefEdit.putString("sessionID", sessionID);
        prefEdit.putString("userRole", userRole);


Step 5: Add the doLoginCheck() method. This method will connect to the Two-way Strong User Authenticator. If the User Authenticator is not installed, the user will be prompted to download the software. The API Key and session identifier are required parameters.

    protected void doLoginCheck() {

        boolean canCheck = false;
        Intent intentSend = new Intent();
        intentSend.putExtra("apiKey", apiKey);
        intentSend.putExtra("sessionID", getSessionID());

        PackageManager pm = getPackageManager();
        List activities = pm.queryIntentActivities(intentSend, PackageManager.MATCH_DEFAULT_ONLY);
        canCheck = activities.size() > 0;

        if (canCheck) {
            // Two-way User Authenticator exists for checking user login.
            startActivityForResult(intentSend, loginCheck);
        } else {
            // Download Two-way Strong User Authenticator.
            Uri externalLink = Uri.parse("");
            Intent doIntent = new Intent(Intent.ACTION_VIEW, externalLink);


Step 6: Add the onActivityResult() method. This method handles the response from connecting to the Two-way Strong User Authenticator. The response returns an indicator showing whether user authentication is a success or a failure, and on success returns the user's session identifier and user role. On success, the method saves the user's session identifier and user role. On failure, the user will be redirected to a new activity. The developer must create this new activity or can modify the failure part of the code block to do something else.

    protected void onActivityResult(int requestCode, int resultCode, Intent data) {

        switch (requestCode) {
            case loginCheck:
                if (resultCode == RESULT_OK) {
                    Bundle resultData = data.getExtras();
                    String resultResponse = resultData.getString("resultResponse", "");

                    if (resultResponse.equals("OK")) {
                        // User authentication passes. Set user specific information.
                        String sessionID = resultData.getString("sessionID", "");
                        String userRole = resultData.getString("userRole", "");
                        setUserInfo(sessionID, userRole);
                    } else {
                        // User authentication fails. Redirect to different activity.
                        Intent doIntent = new Intent(this, inaccessible.class);
                throw new IllegalArgumentException();


Step 7: Execute the doLoginCheck() method immediately by adding it in the onCreate() method.

    protected void onCreate(Bundle savedInstanceState) {


Download the complete source code.