Fixed bug with Advanced Compliance and Integration Validator

[rob-gioia-branch]

Updated getBaseURLForLinkingEndpoints() to take in a bool parameter for whether or not it should use the custom endpoint.

Reference

INTENG-22685

Summary

If a customer is using Advanced Compliance and then runs the Integration Validator code, the Integration Validator will not work. This is because the protected-api endpoint gets used for the requests, and there is no app-settings protected equivalent for that endpoint. Since the Integration Validator code is never released into the wild, but only used for testing, we can safely keep that endpoint going to the regular Branch endpoint, with all other calls like opens, installs, etc... still going through the protected endpoint for Advanced Compliance customers. To address this, I've added a boolean parameter to the getBaseURLForLinkingEndpoints() function, which can take in false in the case of any test code, like the integration validator, so that the regular endpoint (instead of protected-api) is used.

Motivation

To fix the bug caused when the protected API URL is set before the integration validator is run:
[Branch setAPIUrl:@"https://protected-api.branch.io"];
[branch validateSDKIntegration];

Type Of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing Instructions

1. In the existing (main) version prior to this PR, run the Integration Validator after setting the protected endpoint

[Branch setAPIUrl:@"https://protected-api.branch.io"];
[branch validateSDKIntegration];

2. Observe the integration validator does not work properly

3. From this PR's code, do the same
4. Observe the integration validator works properly

cc @BranchMetrics/saas-sdk-devs for visibility.

[matter-code-review]

Summary By MatterAI

🔄 What Changed

This Pull Request addresses a critical bug related to Branch's Advanced Compliance feature and the Integration Validator. The core change is in the Sources/BranchSDK/BNCServerAPI.m file.

• Method Signature Update: The getBaseURLForLinkingEndpoints method now accepts a new BOOL parameter, useCustomURL. This parameter controls whether the method should return a custom (protected) API URL or the standard Branch API URL.
• Conditional Logic: Inside getBaseURLForLinkingEndpoints, the logic for returning self.customAPIURL has been updated from if (self.customAPIURL) to if (useCustomURL && self.customAPIURL). This ensures the custom URL is only used when explicitly allowed by the new parameter.
• Call Site Updates:
  • Calls to getBaseURLForLinkingEndpoints from linkServiceURL, qrcodeServiceURL, and latdServiceURL now pass YES for useCustomURL, maintaining their existing behavior of potentially using the custom API URL.
  • Crucially, the validationServiceURL call to getBaseURLForLinkingEndpoints now passes NO for useCustomURL. This forces the Integration Validator to always use the standard Branch endpoint, bypassing any configured protected API URL.

🔍 Impact of the Change

This fix resolves a bug (INTENG-22685) where the Branch Integration Validator would fail to function correctly if a customer had enabled Advanced Compliance and set a protected API URL (e.g., https://protected-api.branch.io). Previously, the validator's requests would incorrectly attempt to use the protected endpoint, which lacks an equivalent for the app-link-settings endpoint, leading to validation failures. By ensuring the Integration Validator always uses the standard endpoint, its functionality is restored without affecting other API calls that should go through the protected endpoint for Advanced Compliance customers. This change is safe as the Integration Validator is primarily an internal testing tool.

📁 Total Files Changed

• 1 file modified: Sources/BranchSDK/BNCServerAPI.m
• 7 additions, 6 deletions, for a total of 13 changes.

🧪 Test Added

While no automated tests were added, the PR provides clear manual testing instructions to verify the fix:

1. Pre-PR State: Run the Integration Validator after setting the protected endpoint ([Branch setAPIUrl:@"https://protected-api.branch.io"]; [branch validateSDKIntegration];). Observe that the validator does not work properly.
2. Post-PR State: Apply the changes from this PR and repeat the same steps. Observe that the Integration Validator now works properly, confirming the bug is resolved.

🔒 Security Vulnerabilities

No new security vulnerabilities were introduced or detected by these changes. The modification primarily concerns API endpoint routing logic and does not involve changes to authentication, authorization, or sensitive data handling that would pose a security risk.

Tip

Quality Recommendations

1. Consider adding a comment to the validationServiceURL method explaining why NO is passed to getBaseURLForLinkingEndpoints to explicitly state its exception from custom URL usage, enhancing readability for future maintainers.

Sequence Diagram

sequenceDiagram
    participant App as Application
    participant BranchSDK as Branch SDK
    participant BNCServerAPI as BNCServerAPI.m
    participant BranchAPI as Branch API (Standard)
    participant ProtectedAPI as Branch API (Protected/Custom)

    App->>BranchSDK: Branch setAPIUrl("https://protected-api.branch.io")
    App->>BranchSDK: branch validateSDKIntegration()

    BranchSDK->>BNCServerAPI: validationServiceURL()
    BNCServerAPI->>BNCServerAPI: getBaseURLForLinkingEndpoints(useCustomURL: NO)
    BNCServerAPI-->>BranchAPI: Returns Standard URL for /v1/app-link-settings
    BranchSDK->>BranchAPI: Make validation request
    BranchAPI-->>BranchSDK: Validation Response
    BranchSDK-->>App: Integration Validator Result

    Note over BranchSDK,ProtectedAPI: For other services (e.g., linkServiceURL, qrcodeServiceURL, latdServiceURL)
    BranchSDK->>BNCServerAPI: otherServiceURL()
    BNCServerAPI->>BNCServerAPI: getBaseURLForLinkingEndpoints(useCustomURL: YES)
    alt useCustomURL is YES AND customAPIURL is set
        BNCServerAPI-->>ProtectedAPI: Returns Protected URL
    else useCustomURL is YES AND customAPIURL is NOT set OR useCustomURL is NO
        BNCServerAPI-->>BranchAPI: Returns Standard URL
    end
    BranchSDK->>BranchAPI: Make service request
    BranchAPI-->>BranchSDK: Service Response

Loading

[matter-code-review]

The PR addresses a bug with the Advanced Compliance and Integration Validator by adding a parameter to control when custom API URLs should be used. The implementation looks good, but I have a few suggestions to improve code clarity and maintainability.

[matter-code-review]

💡 Optional Recommendation

Issue: The code doesn't have any logging when switching between custom and standard URLs.
Fix: Consider adding debug logging to help with troubleshooting.
Impact: Would make it easier to debug URL-related issues in production environments.

Suggested change

	- (NSString *)getBaseURLForLinkingEndpoints: (BOOL)useCustom {
	if (useCustom && self.customAPIURL) {
	return self.customAPIURL;
	}
	- (NSString *)getBaseURLForLinkingEndpoints: (BOOL)useCustom {
	if (useCustom && self.customAPIURL) {
	BNCLogDebug(@"Using custom API URL: %@", self.customAPIURL);
	return self.customAPIURL;
	}
	BNCLogDebug(@"Using standard API URL");

[matter-code-review]

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manually review by commenting /matter review

💡Tips to use Matter AI

Command List

• /matter summary: Generate AI Summary for the PR
• /matter review: Generate AI Reviews for the latest commit in the PR
• /matter review-full: Generate AI Reviews for the complete PR
• /matter release-notes: Generate AI release-notes for the PR
• /matter : Chat with your PR with Matter AI Agent
• /matter remember : Generate AI memories for the PR
• /matter explain: Get an explanation of the PR
• /matter help: Show the list of available commands and documentation
• Need help? Join our Discord server: https://discord.gg/fJU5DvanU3