Frequently asked questions
Does the SDK store biometric data on the client?
No. The captured frame is uploaded and discarded; only a synthesised per-origin client identifier persists in localStorage for audit attribution.
Can I run this in React Native, Cordova, or Capacitor?
No. The SDK depends on browser-only APIs — MediaDevices, Worker, <canvas>, and the WebAssembly streaming compiler. Use the platform’s native biometric SDK on mobile.
Why does my ClientSecret keep expiring?
ClientSecrets carry a configurable TTL — anywhere from a few hours up to a year — set when the token is issued. If your tokens are expiring sooner than you’d like, ask your Slade ID integration contact to issue ones with a longer TTL.
This token flow is an interim arrangement and will be deprecated in favour of a more mature auth handshake in a future release. The SDK API will not change; only the way you obtain and refresh credentials will. Plan for it but don’t redesign your integration around the current flow.
Does the SDK work in an iframe?
Yes, with two caveats:
- The parent page’s CSP must allow camera access. Specifically, the iframe needs allow="camera" on its <iframe> tag, and the parent’s permissions-policy header must allow camera.
- Some browsers prompt the user separately for camera access inside an iframe, even on a same-origin frame.
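To check an embed configuration against the first caveat, the sketch below (an added example, not part of the SDK or its documentation) models in simplified form how a browser resolves camera access for a frame from the parent's Permissions-Policy header and the iframe's allow attribute. The function names and origins are hypothetical, and the parent is assumed to be the top-level document.

```javascript
// Added example: simplified model of Permissions Policy inheritance for "camera".
// Assumes the embedding page is the top-level document. Origins are constructed.

// Camera allowlist from a Permissions-Policy header value, or null if not declared.
function headerCameraAllowlist(header) {
  for (const directive of (header || "").split(",")) {
    const m = directive.trim().match(/^camera=([^;]*)/); // ignore ;parameters
    if (!m) continue;
    if (m[1].trim() === "*") return ["*"];
    // Forms: (self "https://a.example"), self, or () meaning "nobody".
    const inner = m[1].trim().replace(/^\(|\)$/g, "").trim();
    return inner === "" ? [] : inner.split(/\s+/).map((t) => t.replace(/"/g, ""));
  }
  return null;
}

// Camera allowlist from an iframe allow attribute, or null if camera is not listed.
function attrCameraAllowlist(allowAttr, frameOrigin) {
  for (const part of (allowAttr || "").split(";")) {
    const [feature, ...list] = part.trim().split(/\s+/);
    if (feature !== "camera") continue;
    if (list.length === 0) return [frameOrigin]; // bare "camera" means 'src'
    return list
      .filter((t) => t !== "'none'")
      .map((t) => (t === "'src'" ? frameOrigin : t === "'self'" ? "self" : t));
  }
  return null;
}

// "self" always refers to the embedding (parent) document's origin.
function matches(list, origin, parentOrigin) {
  return list.some((t) => t === "*" || t === origin || (t === "self" && origin === parentOrigin));
}

function frameCanUseCamera({ parentOrigin, frameOrigin, header, allowAttr }) {
  const declared = headerCameraAllowlist(header);
  // A declared header must keep camera enabled for the parent itself...
  if (declared && !matches(declared, parentOrigin, parentOrigin)) return false;
  // ...and must also cover the frame's origin.
  if (declared && !matches(declared, frameOrigin, parentOrigin)) return false;
  // The allow attribute then decides whether the feature is delegated to the frame.
  const container = attrCameraAllowlist(allowAttr, frameOrigin);
  if (container) return matches(container, frameOrigin, parentOrigin);
  // No allow attribute: camera's default allowlist (self) covers same-origin frames only.
  return frameOrigin === parentOrigin;
}
```

A header of camera=(self) with allow="camera" on a cross-origin frame still fails in this model, because the header allowlist has to name the frame's origin as well.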
Can I capture without showing the video?
Yes. The <video> element does not need to be visible; you can position it off-screen with CSS. Do not set display: none — that pauses the stream on most browsers. Use visibility: hidden or position it outside the viewport instead.