Token Postback for system integrations

How to create an effective authentication using postback

You may want to postback the users token when they install your application. We can do this by setting the PostbackUrl parameter like below:

{
  "modules": 
    [{
      "type": "ExternalApplication",
      "parameters": 
        [{
          "name": "PostbackUrl",
          "value": "http:\/\/www.google.co.uk?token=[{TOKEN}]&tracking=[{TRACKING}]"
        }]
    }]
}

The PostbackUrl takes a value of a URL with the ability to replace two values:

  • [{TOKEN}]
    • The authorization token that was generated from the install. Use this to generate a session through AuthorizeByApplication.
    • Required
  • [{TRACKING}]
    • A string based tracking code that you provided in the install URL
    • Optional

Note if you wish to use these fields you must place them in the URL exactly as stated above.

TOKEN

A guid based token. This is used to make calls to the API on behalf of the user.

TRACKING

Tracking allows you to track installations. This means that you can generate a new tracking token for each install, which helps you to determine if a user has successfully installed the application from your URL.

You can take your installation link (eg. https://apps.linnworks.net/Authorization/Authorize/4244f1af-4c27-4175-8f6a-8b46fe9e7442) and adjust it to have the token. You should make sure to generate a new token for each user:

Now, when the user clicks this link and installs your application, the Authorization token and the Tracking token of "TrackingToken" will be provided.

Save the manifest, create new version and set that version to live.

When a user installs this now, it will send it back to your website with a token. You should take this token, pass it into AuthorizeByApplication. This will then return a session with a user email and id. You can then use the token for the session and server for the session to make API calls.