Manual Identification URL¶
Merchants can redirect or link the users to this endpoint in order to “restore access” for a user to a specific item in case when a merchant is unable to confirm that the user has access to an item. This can happen when:
Merchant currently has no lptoken for a user or has one that has expired or one that points to a different user who has no access to an item.
A LaterPay user might have access to an item but the merchant is unable to confirm it using a MUID that they currently use for that user. This could happen if a merchant offered a purchase to a user using a different MUID before or simply without specifying a MUID.
In the above situations merchants can present a URL to this endpoint as a link labeled “I already purchased this” for example.
When a user visits this URL, LaterPay will identify them and check if they have access to the articles specified by the merchant in the URL’s configuration.
If the user has access, then LaterPay will redirect them to the
back
URL specified by the merchant.If they don’t have access, they will see a dialog allowing them to sign in to their LaterPay account and if they do sign in, then LaterPay will again check the access. Users can also cancel this dialog at any time which will result in redirection to the
back
URL.
If the merchant doesn’t specify a MUID in the URL’s configuration, then when the
user is redirected back to the merchant’s page, LaterPay will append an
lptoken
param to the back
URL and the merchant will be able to receive
it this way. See Receiving User Tokens
for more details.
If the merchant specifies a MUID, then this MUID will be associated with the user’s LaterPay identity upon them visiting the manual identification URL.
This endpoint can be used as an extended alternative to /gettoken if a merchant uses lptokens to identify LaterPay users.
Configuration¶
Base URLs:
https://web.laterpay.net (EU Production)
https://web.uselaterpay.com (US Production)
Ident URL: /ident/<merchant_id>/<config_jwt>/
Merchant configures the URL for this endpoint, specifying:
<merchant_id> is the merchant’s ID.
<config_jwt> is a JSON Web Token (JWT) signed with merchant’s secret key using JWT’s HS256 signing algorithm, containing these fields:
A required
ids
array, containing of article IDs to check access for when the user visits the URL.A required
back
string containing a URL to redirect the user to after they finish their interaction with the dialog.An optional
muid
string containing a MUID. If this field is included, then LaterPay will not append an lptoken param to theback
URL when redirecting the user back.
Important
JWT allows LaterPay to securely verify that the configuration that is being communicated to us via the user’s browser is indeed the one created by you (the merchant). This security depends on your API Key being kept secret. Only you and LaterPay know this secret key.
Because of this, the tokens must be created (and signed with they key) server side and the secret key should never be disclosed to the public nor encoded in the JWT which is also public.
If possible, use one of the JWT libraries listed on https://jwt.io and avoid creating your own implementation of JWT.
Your secret API Key can be retrieved from the “Developer” section in Merchant Backend. The URL that you use to access Merchant Backend depends on the region and environment of your integration. You can find the appropriate URL in section URLs of Merchant Backend.
Note
An exp
(Expiration Time) JWT claim can be included in
the token payload and it will be validated by LaterPay and URLs with expired
tokens will return a Not Found page to the user.
Impact of any caching mechanisms used by the website should be considered
before including the exp
claim.
If there is no exp
claim set, the token will be valid virtually forever
i.e. as long as the merchant account is active.
Example¶
Assuming the JWT’s payload is
{
"back": "http://merchant-page.example.com/article-123",
"ids": ["article_id_premiumcontent_123", "article_id_timepass_4"]
}
And Merchant’s ID is pnNa4VUu35vomSdTztA6Lj
and merchant’s secret key is
e50837aa2d424abe4f7d32d89fe8a0ba
. Then a valid Manual Identification URL can
look like this:
https://web.laterpay.net/ident/pnNa4VUu35vomSdTztA6Lj/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJiYWNrIjoiaHR0cDovL21lcmNoYW50LXBhZ2UuZXhhbXBsZS5jb20vYXJ0aWNsZS0xMjMiLCJpZHMiOlsiYXJ0aWNsZV9pZF9wcmVtaXVtY29udGVudF8xMjMiLCJhcnRpY2xlX2lkX3RpbWVwYXNzXzQiXX0.4RNXxKzZn_w1-hsFYJjVzpFHFKkcoUzWqD42iQjOuIE/
And this is a different living example showing how the dialog looks.