SecuGen Connect Developer Guide
Native SDK · FDx SDK Pro

Native SDK Wrapper Guide

The native wrappers let existing FDx SDK Pro applications target SecuGen Connect with minimal code change. Linux, macOS, and Windows ship a shared C API matching the legacy SGFPM_* signatures; Android ships a Java JSGFPLib class with the same lifecycle. Each wrapper is a thin client that forwards to the local Connect bridge over HTTP.

All wrappers are thin clients. They translate FDx-SDK-style calls into bridge HTTP calls against http://127.0.0.1:4499 and translate bridge responses back into SGFDxErrorCode values. There is no native binary replacement for sgfplib.dll / libsgfplib — the Connect bridge owns the device.

The wrapper family

RepositoryPlatformLanguage / surfaceVersion
sdk-fdxsdkpro-connect-LinuxLinuxC API (SGFPM_*)0.2.1
sdk-fdxsdkpro-connect-macOSmacOSC API (SGFPM_*)0.2.1
sdk-fdxsdkpro-connect-WindowsWindowsC API (SGFPM_*) + C++ shim0.2.1
sdk-fdxsdkpro-connect-androidAndroidJava (JSGFPLib)0.2.1

The Linux, macOS, and Windows wrappers compile from a byte-identical shared C source tree (src/sgfplib.c); only the build system and packaging differ per platform (Makefile on Linux/macOS, CMake / build.bat on Windows). The browser/TypeScript wrapper (sdk-webapi-connect) is covered separately in the WebAPI Migration Guide.

v0.2.1 — bridge endpoint migration. All wrappers now default to http://127.0.0.1:4499. Earlier builds targeted the legacy https://127.0.0.1:8765; the restructured Connect bridge serves plain HTTP on loopback (primary port 4499, fallback range 4499→4494), so a wrapper pinned to the old port/scheme fails at the transport layer (TLS handshake against a plain-HTTP server / connection refused on 8765).

Transport

Endpoint mapping

The wrappers call the bridge's standard /v1 REST endpoints:

Wrapper operationBridge endpoint
Init / readiness probe · versionGET /v1/health
Device enumeration / infoGET /v1/info
Session bootstrap (transparent)POST /v1/session/start
Capture + template extractionPOST /v1/fingerprint/capture
1:1 match / scorePOST /v1/match/score

Capture and template creation are served by a single POST /v1/fingerprint/capture call — it returns both the image (when requested) and the extracted template, so SGFPM_CreateTemplate reuses the capture response rather than a separate extract round-trip.

Not served by the current bridge: WSQ

SGFPM_EncodeWSQ / SGFPM_DecodeWSQ (and the Android WSQEncode / WSQDecode) remain in the API for source compatibility, but the restructured bridge exposes no /v1/wsq/* route — capture returns raw8 / png image bytes only. These calls receive an HTTP 404/501 and return SGFDX_ERROR_NO_LONGER_SUPPORTED. The functions are deliberately kept (not removed) so existing code compiles unchanged, and they will begin working automatically if a future bridge re-introduces WSQ.

Error handling

HTTP / API failures are mapped to representative SGFDxErrorCode values.

Underlying failureSGFDxErrorCode
Bridge unreachable / init failedSGFDX_ERROR_INITIALIZE_FAILED
TimeoutSGFDX_ERROR_TIME_OUT
Device not foundSGFDX_ERROR_DEVICE_NOT_FOUND
Bad request / invalid paramSGFDX_ERROR_INVALID_PARAM
WSQ route absent on the bridgeSGFDX_ERROR_NO_LONGER_SUPPORTED

Android specifics

The Android wrapper (SecuGen.FDxSDKPro.JSGFPLib) uses OkHttp and is otherwise API-compatible with the C lifecycle (Init, OpenDevice, GetImage, CreateTemplate, MatchTemplate, GetMatchingScore, …). Because the default transport is now cleartext HTTP to loopback, Android's network-security policy (API 28+) blocks it without an explicit opt-in:

Migration strategy

  1. Keep the existing flow: Create → Init → Open → Capture / CreateTemplate → Match → Close.
  2. Confirm the Connect bridge is reachable at http://127.0.0.1:4499 (or your configured override URL).
  3. For templates generated outside the wrapper, set the template format with SGFPM_SetTemplateFormat before matching.
  4. Validate with one end-to-end capture + match scenario before real-device rollout.

Validation checklist

  1. Bridge reachable at http://127.0.0.1:4499 (or the configured override) — GET /v1/health returns {"ok":true}.
  2. SGFPM_Init returns SGFDX_ERROR_NONE.
  3. SGFPM_EnumerateDevice returns at least one device.
  4. Two captures produce a match score and a boolean match result.
  5. Error path: stop the bridge and verify SGFDX_ERROR_INITIALIZE_FAILED; disconnect the device and verify SGFDX_ERROR_DEVICE_NOT_FOUND.
  6. Android: confirm the loopback cleartext rule is active (capture succeeds on API 28+), or that an https override is configured.

Lifecycle parallelism

Every wrapper preserves the legacy FDx SDK Pro lifecycle — only the binding mechanism changes:

// Legacy FDx SDK Pro (native C)
HSGFPM h; SGFPM_Create(&h);
SGFPM_Init(h, SG_DEV_AUTO);
SGFPM_OpenDevice(h, 0);
SGFPM_GetImage(h, buf);
SGFPM_CreateTemplate(h, NULL, buf, tpl1);
// ... second capture ...
SGFPM_GetMatchingScore(h, tpl1, tpl2, &score);
SGFPM_CloseDevice(h);

// SecuGen Connect — same C API, bridge-backed (http://127.0.0.1:4499)
HSGFPM h; SGFPM_Create(&h);
SGFPM_Init(h, SG_DEV_AUTO);                 // → GET  /v1/health  (+ POST /v1/session/start transparently)
SGFPM_OpenDevice(h, 0);                     // → GET  /v1/info
SGFPM_GetImage(h, buf);                     // → POST /v1/fingerprint/capture
SGFPM_CreateTemplate(h, NULL, buf, tpl1);  // template returned by the same capture call
// ... second capture ...
SGFPM_GetMatchingScore(h, tpl1, tpl2, &score); // → POST /v1/match/score
SGFPM_CloseDevice(h);

Application code keeps the same call sequence, the same constants, and the same response semantics. The wrapper handles session lifecycle, authentication, transport (HTTP by default, HTTPS for a configured LAN host), and error-code translation internally.