PERMISSIVE

Permissive mode: Allows selective certificate pinning validation.

In permissive mode, TrustPin validates certificates for registered domains while allowing connections to unregistered domains to proceed without pinning validation. This provides flexibility for applications that need to connect to dynamic services while still securing critical API endpoints.

Behavior

  • Registered domains: Certificate validation performed against configured pins

  • Unregistered domains: Bypasses pinning validation and emits an informational log message

  • Pin mismatches: Throws TrustPinError.PinsMismatch for registered domains

  • Expired pins: Throws TrustPinError.AllPinsExpired for registered domains

Use Cases

  • Development and staging environments with test servers

  • Applications with dynamic endpoints (user-generated content, third-party services)

  • Gradual migration to certificate pinning in existing applications

  • Third-party SDK integrations with unknown domains

  • Hybrid applications connecting to both controlled and external services

Security Considerations

While permissive mode provides flexibility, consider these security implications:

  • Partial protection: Only registered domains receive pinning validation

  • Monitoring required: Log unregistered domain access for security analysis

  • Gradual hardening: Plan migration to strict mode for production

Migration Path

Use permissive mode as a stepping stone to strict mode:

// Phase 1: Identify all domains
trustPin.setLogLevel(TrustPinLogLevel.INFO)
TrustPin.setup(mode = TrustPinMode.PERMISSIVE)

// Phase 2: Register critical domains
// (Register domains in TrustPin dashboard)

// Phase 3: Enforce strict validation
TrustPin.setup(mode = TrustPinMode.STRICT)
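The decision logic behind the Behavior list and the migration phases above, as an added example: this is a stand-alone Python model of the permissive/strict policy, not TrustPin SDK code. It assumes a pin is a SHA-256 digest with an expiry, that a host may have several pins, that strict mode rejects unregistered hosts with an error (named UnregisteredDomain here as an assumption), and that the informational log line for an unregistered host is the record Phase 1 mines to discover which domains still need pins. Hostnames and digests are constructed sample data.

```python
"""Model of TrustPin's PERMISSIVE vs STRICT decision logic (added example, not SDK code)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class TrustPinMode(Enum):
    PERMISSIVE = "permissive"
    STRICT = "strict"


# Error names follow this page; the exception hierarchy itself is assumed.
class TrustPinError(Exception):
    pass


class PinsMismatch(TrustPinError):
    pass


class AllPinsExpired(TrustPinError):
    pass


class UnregisteredDomain(TrustPinError):
    """Assumed strict-mode outcome for a host that has no registered pins."""


@dataclass(frozen=True)
class Pin:
    digest: str          # hex SHA-256 of the pinned public key (assumed pin format)
    expires: datetime    # the pin is ignored once this instant has passed


@dataclass
class PinningPolicy:
    mode: TrustPinMode
    registry: dict[str, list[Pin]]      # host -> configured pins
    log: list[str] = field(default_factory=list)

    def check(self, host: str, observed_digest: str, now: datetime) -> str:
        """Return "pinned" or "unpinned" if the connection may proceed; raise otherwise."""
        pins = self.registry.get(host)
        if pins is None:
            if self.mode is TrustPinMode.PERMISSIVE:
                # Informational entry only; this is what Phase 1 of the migration reviews.
                self.log.append(f"INFO unregistered domain, pinning bypassed: {host}")
                return "unpinned"
            raise UnregisteredDomain(host)
        live = [p for p in pins if p.expires > now]
        if not live:
            raise AllPinsExpired(host)          # every configured pin is past its expiry
        if observed_digest not in {p.digest for p in live}:
            raise PinsMismatch(host)            # presented key matches no live pin
        return "pinned"

    def unregistered_hosts(self) -> set[str]:
        """Phase 1 helper: distinct hosts that were allowed through without pins."""
        prefix = "INFO unregistered domain, pinning bypassed: "
        return {line[len(prefix):] for line in self.log if line.startswith(prefix)}


# Constructed sample data: digests are placeholders, not real certificate hashes.
API_PIN = Pin("a" * 64, datetime(2030, 1, 1, tzinfo=timezone.utc))
STALE_PIN = Pin("b" * 64, datetime(2020, 1, 1, tzinfo=timezone.utc))
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)


def build_policy(mode: TrustPinMode) -> PinningPolicy:
    return PinningPolicy(mode, {
        "api.example.com": [API_PIN],          # registered, pin still valid
        "legacy.example.com": [STALE_PIN],     # registered, only pin expired
    })


def run_scenarios(mode: TrustPinMode) -> dict[str, str]:
    """Exercise each outcome in the Behavior list; map scenario -> result or error name."""
    policy = build_policy(mode)
    cases = {
        "registered_match": ("api.example.com", API_PIN.digest),
        "registered_mismatch": ("api.example.com", "c" * 64),
        "registered_expired": ("legacy.example.com", STALE_PIN.digest),
        "unregistered": ("cdn.third-party.example", "d" * 64),
    }
    results: dict[str, str] = {}
    for name, (host, digest) in cases.items():
        try:
            results[name] = policy.check(host, digest, NOW)
        except TrustPinError as err:
            results[name] = type(err).__name__
    # Phase 1 output: hosts seen without pins, which should be registered before STRICT.
    results["phase1_hosts"] = ",".join(sorted(policy.unregistered_hosts()))
    return results


if __name__ == "__main__":
    for mode in TrustPinMode:
        print(mode.name, run_scenarios(mode))
```

Running the same scenarios in both modes makes the "partial protection" point concrete: registered hosts fail identically in either mode, and the only difference is whether an unregistered host is allowed and logged or refused, so the log produced under PERMISSIVE is exactly the domain inventory needed before switching to STRICT.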

Properties
