In-Page Configuration Token¶
Note
This property was introduced in Connector Script 3.
See the predecessor JWT Dynamic Paid Content API for integrations using Connector Script 2.
The In-Page Configuration Token allows you to publish new paid content without having to configure anything in Connector Admin Interface.
This is the most prominent change with Connector Script 3: You can now define Purchase Options of all Sales Models via the In-Page Configuration Token (Single Purchases, Time Passes and Subscriptions). It also allows for more granular control over which Purchase Options from Connector Admin Interface should be presented to the user.
Important
JWT allows LaterPay to securely verify that the configuration that is being communicated to us via the user’s browser is indeed the one created by you (the merchant). This security depends on your API Key being kept secret. Only you and LaterPay know this secret key.
Because of this, the tokens must be created (and signed with they key) server side and the secret key should never be disclosed to the public nor encoded in the JWT which is also public.
If possible, use one of the JWT libraries listed on https://jwt.io and avoid creating your own implementation of JWT.
Your secret API Key can be retrieved from the “Developer” section in Merchant Backend. The URL that you use to access Merchant Backend depends on the region and environment of your integration. You can find the appropriate URL in section URLs of Merchant Backend.
Create a signed JSON web token (JWT) containing the required Purchase Options and
sign it with your secret API Key. Then pass it as the In-Page Configuration Property laterpay:connector:config_token
:
Example
<script type="application/json" id="laterpay-connector">
{
"configToken": "[...]"
}
</script>
<meta property="laterpay:connector:config_token" content="[...]">
{
laterpayConnector: {
configToken: '[...]'
}
}
Note, that in the examples above, [...]
is used as a placeholder for the actual token. See
details on how to create the In-Page Configuration Token in the following sections.
JWT Object Properties¶
This is a JSON Web Token per RFC 7519, encoding In-Page Purchase Options and other options.
The JWT consists of three parts:
The header, defining the algorithm and type
The payload, defining the In-Page Purchase Options and other options
The signature
- Header
The header must use the
HS256
algorithm and theJWT
type:{ "alg": "HS256", "typ": "JWT" }
- Payload
The payload has one required key
purchase_options
. The keysignore_database_single_purchases
,ignore_database_subscriptions
,ignore_database_timepasses
, andtemplate
are optional.purchase_options
Required
An array of Purchase Options. Each element is an object with an
article_id
, aprice
, asales_model
and atitle
. For Subscriptions and Time Passes, adescription
and anexpiry
are also required.article_id
Required
Article IDs give more flexibility by allowing to use them on arbitrary sides or content, regardless of the URL.
An
article_id
has to match the RegEx^[a-zA-Z0-9_-]{1,128}$
.In other words, it’s a string consisting of letters, digits, hyphens and underscores no longer than 128 characters that is unique for the article being offered.
price
Required
An object stating the amount, currency, and Payment Model. For a 1.23 EUR “Pay Later” pricing, using this:
"price": { "amount": 123, "currency": "EUR", "payment_model": "pay_later" }
A 4.99 EUR “Pay Now” pricing looks like this:
"price": { "amount": 499, "currency": "EUR", "payment_model": "pay_now" }
sales_model
Required
Either “single_purchase”, “subscription”, or “timepass”.
title
Required
A human-readable string with at most 256 characters.
description
Required when ``sales_model`` is a Subscription or Time Pass
A human-readable string that is shown below the title. While the title for a Time Pass might be “Week pass”, the description could be “7 day access to all our premium content”.
expiry
Required when ``sales_model`` is ``subscription`` or ``timepass``
Defines the duration/expiration of the Subscription or Time Pass.
The
unit
can be one of"h"
,"d"
,"w"
, or"m"
for hour, day, week or month.The
value
can be any integer from 1 to 24 (including):"expiry": { "unit": "w", "value": 2 }
ignore_database_single_purchases
Optional
Boolean value that defines if Single Purchases that were defined through Connector Admin Interface should be ignored and thus should not be presented to the user.
ignore_database_subscriptions
Optional
Boolean value that defines if Subscriptions that were defined through Connector Admin Interface should be ignored and thus should not be presented to the user.
ignore_database_timepasses
Optional
Boolean value that defines if Time Passes that were defined through Connector Admin Interface should be ignored and thus should not be presented to the user.
template
Optional
Most times templates will be assigned to Purchase Options through Connector Admin Interface. If a different template should be used for this page, pass the UUID of the template here.
- Signature
The signature is the HMAC-SHA-256 over the base64 URL encoded header, concatenated with a
.
, concatenated with the base64 URL encoded payload. The key or secret for the signature function is the merchant’s secret.
Example¶
Given this payload:
{
"purchase_options": [
{
"article_id": "article_12345",
"price": {
"amount": 42,
"currency": "EUR",
"payment_model": "pay_later"
},
"sales_model": "single_purchase",
"title": "Team A wins over Team B"
},
{
"article_id": "category_sports",
"price": {
"amount": 899,
"currency": "EUR",
"payment_model": "pay_now"
},
"sales_model": "subscription",
"title": "Monthly Sports Subscription",
"description": "Monthly subscription to all our sports news",
"expiry": {
"unit": "m",
"value": 1
}
},
{
"article_id": "category_sports",
"price": {
"amount": 234,
"currency": "EUR",
"payment_model": "pay_now"
},
"sales_model": "timepass",
"title": "7 Days of Sport",
"description": "Access to all our sports news for 7 days",
"expiry": {
"unit": "d",
"value": 7
}
}
],
"ignore_database_single_purchases": true,
"template": "78c10144-1ee9-4547-a6b4-d16f742102cd"
}
and a merchant secret 2e910ba0f326421a8fa7dfe1621755e2
will result in a JWT
much like this (line breaks for readability):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJwdXJjaGFzZV9vcHRpb25zIjpbeyJhcnRpY2xlX2lkIjoiYXJ0aWNsZToxMjM0NSIsInByaWN
lIjp7ImFtb3VudCI6NDIsImN1cnJlbmN5IjoiRVVSIiwicGF5bWVudF9tb2RlbCI6InBheV9sYX
RlciJ9LCJzYWxlc19tb2RlbCI6InNpbmdsZV9wdXJjaGFzZSIsInRpdGxlIjoiVGVhbSBBIHdpb
nMgb3ZlciBUZWFtIEIifSx7ImFydGljbGVfaWQiOiJjYXRlZ29yeTpzcG9ydHMiLCJwcmljZSI6
eyJhbW91bnQiOjg5OSwiY3VycmVuY3kiOiJFVVIiLCJwYXltZW50X21vZGVsIjoicGF5X25vdyJ
9LCJzYWxlc19tb2RlbCI6InN1YnNjcmlwdGlvbiIsInRpdGxlIjoiTW9udGhseSBTcG9ydHMgU3
Vic2NyaXB0aW9uIiwiZGVzY3JpcHRpb24iOiJNb250aGx5IHN1YnNjcmlwdGlvbiB0byBhbGwgb
3VyIHNwb3J0cyBuZXdzIiwiZXhwaXJ5Ijp7InVuaXQiOiJtIiwidmFsdWUiOjF9fSx7ImFydGlj
bGVfaWQiOiJjYXRlZ29yeTpzcG9ydHMiLCJwcmljZSI6eyJhbW91bnQiOjIzNCwiY3VycmVuY3k
iOiJFVVIiLCJwYXltZW50X21vZGVsIjoicGF5X25vdyJ9LCJzYWxlc19tb2RlbCI6InRpbWVwYX
NzIiwidGl0bGUiOiI3IERheXMgb2YgU3BvcnQiLCJkZXNjcmlwdGlvbiI6IkFjY2VzcyB0byBhb
Gwgb3VyIHNwb3J0cyBuZXdzIGZvciA3IGRheXMiLCJleHBpcnkiOnsidW5pdCI6ImQiLCJ2YWx1
ZSI6N319XSwiaWdub3JlX2RhdGFiYXNlX3NpbmdsZV9wdXJjaGFzZXMiOnRydWUsInRlbXBsYXR
lIjoiNzhjMTAxNDQtMWVlOS00NTQ3LWE2YjQtZDE2Zjc0MjEwMmNkIn0.
UxLfG9Dd9TZIfEWGyWKqv2yAIKCg94yD2ZkARwyJObo
This JWT will result in Connector Script showing no database defined Single
Purchases for this page, but all database defined Subscriptions and
Time Passes for this page. Additionally, a “Pay Later” Single Purchase for 42
Euro cents, a monthly Subscription for 8.99 EUR and a one-week Time Pass for
2.34 EUR will be shown. Lastly, the template Connector Service will return the
template with the ID 78c10144-1ee9-4547-a6b4-d16f742102cd
.