App Extensions

Overview

HandCash apps can build on top of other HandCash apps, as some apps provide APIs for other developers. From the authentication perspective, users just need to authorize each service involved in this interaction

However, that creates a friction point from the user perspective as it requires authorizing each app sequentially (authorize app 1, then app 2, then app 3...).

User connecting to multiple apps without extensions.

User connecting to multiple apps without extensions.

App extensions allow developers to define which applications need to be authorized in addition to their own apps. That way, when users require to authorize your app they can authorize multiple apps in the same flow.

  • Parent app: receives the authToken via redirection.
  • App extensions: receive the authTokenvia webhook.
User connecting to an app with extensions.

User connecting to an app with extensions.

Add extensions to your app

You can use the Dashboard to define from which apps your app needs to extend.

Extensions section preview from the dashboard.

Extensions section preview from the dashboard.

All you need is the appId of the extended app. Additionally, the extended app needs to be previously configured as an app extension.

Add extension dialog preview from the dashboard.

Add extension dialog preview from the dashboard.

Make your app extendible

If you want to allow other apps to extend from your app, you need to make your app extendible first.

First, you need to define the authorizationWebook. This is used to receive notifications when your app has been authorized as an extended app.

Once authorizationWebook you can enable your app as an extension.

Authorization webhook

When your app is authorized as an extended app, HandCash will send you the regular authToken via POST to the URL defined under authorizationWebook.

The HTTP includes the following JSON body:

{
  	authToken: 'string',
  	extendedAppId: 'string'
}
  • authToken: regular token you can use to access the user account and trigger payments.
  • extendedAppId: ID of the app using your app as an extension. You can store it to know the context of this authToken.

Extensions used as an API

If your app has an API that other HandCash apps use, this can be used to check if a certain app has access to access to a specific user account.

Example of interaction between users and apps.

Example of interaction between users and apps.

Your API must be able to identify the user and the app making the call. If your app was App 2 in the diagram above you should check that User has an authToken whose extendedAppId that matches with App 1