Skip to Content
API ReferenceOTA Check API

OTA Check API

Mobile devices use the OTA check endpoint to check for available updates.

Endpoint

GET /api/update/check/{bundleId}

Authentication: None required (public endpoint)

Parameters

Path Parameters

ParameterTypeDescription
bundleIdstringApp bundle identifier (e.g., com.example.myapp)

Query Parameters

ParameterRequiredTypeDescription
currentVersionYesstringCurrent app version (e.g., 1.0.0)
currentBuildNostringCurrent build number
platformNostringPlatform: ios, android, visionos
fingerprintNostringCurrent runtime fingerprint hash
configurationNostringDeployment target config (e.g., prod, stg)

Request Example

curl "https://norrix.net/api/update/check/com.example.myapp?currentVersion=1.0.0&currentBuild=42&platform=ios&fingerprint=abc123...&configuration=prod"

Response

Update Available

{
  "updateAvailable": true,
  "requiresStoreUpdate": false,
  "platform": "ios",
  "version": "1.0.1",
  "buildNumber": "43",
  "releaseNotes": "Bug fixes and performance improvements",
  "url": "https://s3.amazonaws.com/...",
  "expiresAt": "2024-01-15T11:00:00.000Z",
  "compatibilityReason": null
}

No Update Available

{
  "updateAvailable": false,
  "message": "No update available"
}

Store Update Required

When the update has incompatible native changes:

{
  "updateAvailable": true,
  "requiresStoreUpdate": true,
  "platform": "ios",
  "version": "2.0.0",
  "buildNumber": "50",
  "releaseNotes": "Major update with new features",
  "url": "https://s3.amazonaws.com/...",
  "expiresAt": "2024-01-15T11:00:00.000Z",
  "compatibilityReason": "Native plugin version changed: @nativescript/camera 4.5.0 -> 5.0.0"
}

Response Fields

FieldTypeDescription
updateAvailablebooleanWhether an update is available
requiresStoreUpdatebooleanWhether a store update is needed
platformstringPlatform (ios/android/visionos)
versionstringUpdate version
buildNumberstringUpdate build number
releaseNotesstringRelease notes
urlstringSigned download URL
expiresAtstringURL expiration timestamp
compatibilityReasonstringWhy store update is required
messagestringStatus message

Version Comparison

The API uses semantic version comparison:

  1. Version: Compared as semver (1.0.1 > 1.0.0)
  2. Build Number: Compared numerically if versions match (42 > 41)

An update is available when:

  • Update version > current version, OR
  • Versions are equal AND update build > current build

Fingerprint Matching

When fingerprint is provided:

  1. Server looks up the update’s stored fingerprint
  2. Compares with the device’s fingerprint
  3. If mismatch: requiresStoreUpdate: true with compatibilityReason

Fingerprint Components

The fingerprint hash includes:

  • Native plugin versions
  • App_Resources hash
  • NativeSource hash

See Fingerprinting for details.

Download URL

The url field contains a pre-signed S3 URL:

  • Valid for 1 hour (check expiresAt)
  • Download immediately after receiving
  • Re-check if URL expires

Error Responses

Missing Bundle ID

{
  "error": "Bad Request",
  "message": "Bundle ID is required"
}

HTTP Status: 400

Missing Version

{
  "error": "Bad Request",
  "message": "currentVersion is required"
}

HTTP Status: 400

Not Found

{
  "updateAvailable": false,
  "message": "No updates found for this bundle"
}

HTTP Status: 200 (not an error)

SDK Integration

The Client SDK calls this endpoint automatically:

// SDK handles this internally
const checkUrl = `${updateUrl}/api/update/check/${bundleId}?currentVersion=${version}&platform=${platform}&fingerprint=${hash}&configuration=${config}`;

Manual Usage

async function checkForUpdate() {
  const bundleId = getBundleId();
  const version = getAppVersion();
  const fingerprint = getFingerprint();
  const configuration = getConfiguration(); // e.g., 'prod', 'stg'
 
  const response = await fetch(
    `https://norrix.net/api/update/check/${bundleId}?` +
      `currentVersion=${version}&` +
      `platform=ios&` +
      `fingerprint=${fingerprint}&` +
      `configuration=${configuration}`
  );
 
  return await response.json();
}

Caching

The endpoint includes cache headers:

Cache-Control: no-cache, no-store, must-revalidate

Always fetch fresh results. Don’t cache OTA check responses.

AuthenticationOverview