Boxo Connect

Introduction

Boxo Connect is a Single Sign-On (SSO) functionality that enables the host app to securely pass user profile information, allowing seamless authorization within the mini app. In essence, the Boxo Platform facilitates the transfer of user data from the host app backend to the mini app backend, ensuring smooth user authentication and returning a session token for continued access.

Boxo Connect flow

Here is diagram showcasing the hostapp user authorization inside miniapp

Authentication and User Authorization Flow

The user opens the host app and launches the mini app.
To proceed, the user must be identified (e.g., for product purchases or user registration).
The mini app calls Boxo.login().
The user is prompted to confirm access to their personal data required for authorization.
The Boxo native SDK retrieves an authorization code from the host app and sends an HTTPS request to the Boxo platform.
The Boxo platform forwards the authorization code via an HTTPS request to the host app backend.
The host app backend validates the authorization code and returns an access token.
The Boxo platform sends an HTTPS request with the access token to the host app backend to retrieve user data.
The host app backend validates the access token and returns user data.
The Boxo platform forwards the user data via an HTTPS request to the mini app backend.
The mini app backend registers a new user or identifies an existing one, then issues an authorization token to the Boxo platform.
The Boxo platform returns the authorization token to the Boxo native SDK.
The authorization token is passed to the mini app.
The mini app sends a request with the authorization token to the mini app backend to retrieve user data.
The mini app backend validates the authorization token and returns the user data.
The user is successfully authorized and can proceed within the mini app.

Setting up the backend

*Note: Feature must be enabled in Dashboard Partnership

Data format

Currently, data exchange is conducted in JSON format. String size limits are defined within the respective data types.

Get access token

This endpoint allows the Boxo platform to obtain an access token in exchange for an authorization code.

URL and METHOD

This endpoint must handle a HTTPS POST request URL to endpoint must be provided in Dashboard

Headers

Key	Value
Authorization	`<prefix> <base64 encoded(hostapp_client_id:hostapp_secret_key)>`
X-Miniapp-App-ID	`<app_id - Miniapp identifier>`

Default <prefix>: Token. Access token prefix can be set in Boxo Connect.
hostapp_client_id and hostapp_secret_key must be provided in Dashboard

Body

Field	Data type	Description
auth_code	String	Auth code provided by hostapp to Boxo SDK

Response

Response status must be 200 in all cases
Response body:

Field	Data type	Optional	Description
`access_token`	String(1000)	Yes	Access token for get user data request. To use in payments requests enable `Use access token` in Boxo Payments.
`error_code`	String	Yes	If some error is occured error code should be provided. Example: `{"error_code": "INVALID_AUTH_CODE"}` All error codes can be found here

Request Example:

    curl --location --request POST '[YOUR_SERVER_URL]/api/get_access_token/' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic {{BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}}' \
    --data-raw '{ "authCode": "{{HOSTAPP_AUTH_CODE_THAT_COMES_FROM_SDK}}" }'

Get user data

This endpoint allows the Boxo platform to retrieve user data using an access token.

URL and METHOD

This endpoint must handle a HTTPS GET request
URL to endpoint must be provided in Dashboard

Headers

Key	Value
`Authorization`	`Token <access_token>`
`X-Miniapp-App-ID`	`<app_id - Miniapp identifier>`

Response:

Response status must be 200 in all cases
Response body:

Field	Data type	Optional	Description
`user_data`	UserData / EcryptedString	Yes	Hostapp user data, that could be sent as encrypted string. Refer to Security measures for more details
`error_code`	String	Yes	If some error is occured error code should be provided. Example: `{"error_code": "INVALID_ACCESS_TOKEN"}` All error codes can be found here

UserData

Field	Data type	Optional	Description
`reference`	String(100)		Reference to user in Hostapp Server
`email`	String	Yes	Verified user email address
`phone`	String	Yes	Verified user phone number in E.164 format
`first_name`	String	Yes	User’s first name
`last_name`	String	Yes	User’s last name
`custom_attributes`	JSON	Yes	Custom attributes

WARNING For Shopboxo miniapps either email or phone must be provided

Request Example:

    curl --location --request GET '[YOUR_SERVER_URL]/api/get_user_data/'\
    --header 'Content-Type: application/json' \
    --header 'Authorization: Token {{ACCESS_TOKEN}}'

Required fields

Each mini app requires a set of minimum fields to create a user within its system and generate a session for the newly created user. The specific required fields for each mini app can be found in its details on the Showroom page.

Below is a list of all possible fields:

email (required)
phone_number (required)
first_name
last_name
shipping_address
billing_address

Setting up the SDK

Initialization

Parameter Descriptions:

Within the SDK, there are specific parameters and methods that must be either provided or implemented to ensure proper functionality. app_id - Boxo miniapp app id

To launch a specific mini app, you must first call the initialization method.

iOS

let miniapp = Boxo.shared.getMiniapp(appId: "app_id")
miniapp.delegate = self
miniapp.open(viewController: self)
...
extension ViewController : MiniappDelegate {
    func onAuth(miniapp: Miniapp) {
        miniapp.setAuthCode(authCode: "[AUTH_CODE]")
    }
}

Android

val miniapp = Boxo.getMiniapp("app_id")
miniapp.setAuthListener { boxoActivity, miniapp ->
    //get AuthCode from hostapp backend and send it to miniapp
    //use boxoActivity to open dialogs or activity
    miniapp.setAuthCode("auth_code")
}
miniapp.open(activity)

Flutter


Boxo.openMiniapp('app_id');
Boxo.lifecycleHooksListener(
    onAuth: (appId) { // called when authorization flow starts
        //get AuthCode from hostapp backend and send it to miniapp
        Boxo.setAuthCode('app_id', 'auth_code');
    }
);

ReactNative

Boxo.openMiniapp('app_id')
Boxo.lifecycleHooksListener({
    onAuth: (appId: string) => {
        //get AuthCode from hostapp backend and send it to miniapp
        Boxo.setAuthCode('app_id', 'auth_code');
    },    
});

WARNING When a user logs out of the host app, ensure that the WebView cache is cleared using the following commands: Boxo.logout() for Android or Boxo.shared.logout() for iOS so that the miniapps’ storage is also cleared to log out the miniapp users as well.

This is Boxo endpoint to get status of user consent in Boxo Platform

URL and METHOD

This is HTTPS GET /api/v1/accounts/consent/get_consent/ endpoint

Query Parameters:

Parameter	Data type	Description
`client_id`	String	Hostapp identifier
`app_id`	String	Miniapp identifier
`user_reference`	String	Reference to user in Hostapp Server
Response:

{
   “is_consented”: <Bool>
}

Welcome

Host Apps

Miniapps

API References

White Label Miniapps

Changelog

Introduction

Boxo Connect flow

Setting up the backend

Get access token

Get user data

Setting up the SDK

iOS

Android

Flutter

ReactNative

Query Parameters:

Welcome

Host Apps

Miniapps

API References

White Label Miniapps

Changelog

​Introduction

​Boxo Connect flow

​Setting up the backend

​Get access token

​Get user data

​Setting up the SDK

​iOS

​Android

​Flutter

​ReactNative

​Get user consent

​Query Parameters:

Introduction

Boxo Connect flow

Setting up the backend

Get access token

Get user data

Setting up the SDK

iOS

Android

Flutter

ReactNative

Get user consent

Query Parameters: