App Extensions
Overview
HandCash apps can build on top of other HandCash apps, as some apps provide APIs for other developers. From the authentication perspective, users just need to authorize each service involved in this interaction.
However, that creates a friction point from the user perspective, as it requires authorizing each app sequentially (authorize app 1, then app 2, then app 3...).

User connecting to multiple apps without extensions.
App extensions allow developers to define which applications need to be authorized in addition to their own apps. That way, when users need to authorize your app, they can authorize multiple apps in the same flow.
- Parent app: receives the authToken via redirection.
- App extensions: receive the authToken via webhook.

User connecting to an app with extensions.
Add extensions to your app
You can use the Dashboard to define which apps your app needs to extend from.

Extensions section preview from the dashboard.
All you need is the appId of the extended app. Additionally, the extended app needs to be previously configured as an app extension.

Add extension dialog preview from the dashboard.
Make your app extendible
If you want to allow other apps to extend from your app, you need to make your app extendible first.
First, you need to define the authorizationWebook. This is used to receive notifications when your app has been authorized as an extended app.
Once authorizationWebook is defined, you can enable your app as an extension.
Authorization webhook
When your app is authorized as an extended app, HandCash will send you the regular authToken via POST to the URL defined under authorizationWebook.
The HTTP request includes the following JSON body:
{
  "authToken": "string",
  "extendedAppId": "string"
}
- authToken: regular token you can use to access the user account and trigger payments.
- extendedAppId: ID of the app using your app as an extension. You can store it to know the context of this authToken.
Extensions used as an API
If your app has an API that other HandCash apps use, this can be used to check whether a certain app has access to a specific user account.

Example of interaction between users and apps.
Your API must be able to identify the user and the app making the call. If your app was App 2 in the diagram above, you should check that User has an authToken whose extendedAppId matches App 1.
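One way to implement this check is sketched below as an added example; it is not HandCash's own code. The class and method names are hypothetical, and it assumes your webhook handler has already resolved which user the received authToken belongs to and that your API has already authenticated the calling app.

```javascript
// Added example: grant store for an extendible app. All names are hypothetical.
// Assumptions: userId was resolved from the authToken by the webhook handler,
// and callerAppId was authenticated by the API layer before the lookup.
class ExtensionGrantStore {
  constructor() {
    this.grants = new Map(); // JSON [userId, extendedAppId] -> authToken
  }

  // JSON-encode the pair so two different (user, app) pairs never collide.
  static key(userId, appId) {
    return JSON.stringify([userId, appId]);
  }

  // Validate and store the JSON body POSTed to the authorization webhook.
  recordWebhook(userId, body) {
    const { authToken, extendedAppId } = body || {};
    const ok = [userId, authToken, extendedAppId]
      .every((v) => typeof v === 'string' && v.length > 0);
    if (!ok) return false; // malformed body: store nothing
    this.grants.set(ExtensionGrantStore.key(userId, extendedAppId), authToken);
    return true;
  }

  // Token to use when callerAppId acts for userId, or null when that user
  // never authorized your app as an extension of that caller.
  tokenFor(userId, callerAppId) {
    const token = this.grants.get(ExtensionGrantStore.key(userId, callerAppId));
    return token === undefined ? null : token;
  }
}

// Constructed sample data, not real tokens or app ids.
const store = new ExtensionGrantStore();
store.recordWebhook('user-alice', { authToken: 'tok-alice-app1', extendedAppId: 'app-1' });
store.recordWebhook('user-bob', { authToken: 'tok-bob-app3', extendedAppId: 'app-3' });

// App 1 calling on behalf of Alice is allowed; App 3 is not, because Alice
// never authorized your app through App 3.
console.log(store.tokenFor('user-alice', 'app-1'));
console.log(store.tokenFor('user-alice', 'app-3'));
```

A null result should be treated as a denied request: never fall back to a token stored under a different extendedAppId for the same user.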
Updated 10 months ago