• Home
  • Pugpig Bolt
  • Authentication and Subscriptions

Sending parameters in a query string to external domains

Learn how to securely send a user token through a query string.

Written by Jean Kemp

Updated at November 23rd, 2023

  • Pugpig Bolt
    Bolt apps Content and Workflows Bolt CMS Pugpig Distribution Service URLs, Domains and Linking Bolt Search Authentication and Subscriptions Bolt Analytics Push notifications Bolt Release Notes Debugging Advertising App stores Consent management
  • Pugpig Site
    Site Search URLs, Domains and Linking Content Management System Analytics SEO Advertising Consent Management Platform Site Release Notes Debugging Authentication and Subscriptions
  • Pugpig Archive
  • Working with Pugpig
    Pugpig Support Releasing new versions Pugpig Packs & Agreements Pugpig Policies
  • Pugpig Consulting
+ More

Introduction

Pugpig Bolt provides the ability to pass items on the query string to your site to help improve these experience. 

Trusted Domains

In order not to pass sensitive information to the wrong place, we will configure this on our side to only send the information to trusted domains. In most cases, this will be domain of your web site, but we can include others if desired.

When Information is passed

The information will be added to the query string in the following cases:

  • Any external links out from the app content
  • Any embedded URLs in the settings pages
  • Any embedded URLs in the tab bar

Standard Values

We provide a default set of values on the query string. These are described below. However, if you wish us to send custom values, get in touch with our support team. Note that these values are sent on ALL links - we cannot provide different values on different URLs.

User Token

We usually send the user token as the token parameter - for example http://www.acme.com/?token=123412345

The token is the same token we receive from the login flow. 

Development Needed

You will need to implement the logic on your site to look for this token, and log in the user accordingly if the token is valid. If you are a Piano user, we can provide sample code to assist with this. Please ask our support team.

 

User Information

We can send any other information we receive from the user if needed (for example, the company they are from)

Indication that we are from the app

It is often useful for your site to know that that link or embed is coming from the app. For this, we pass a parameter by default called from_app - for example http://www.acme.com/?token=123412345&from_app=1

Many of our clients will use this parameter to hide any header, footer or navigation and only show the content from the web site when embedded in the app.

Items under consideration

We are currently looking into:

  • Sending an indication if the app is currently in Dark Mode (from app settings, not system settings)
  • Adding the ability to pass information through to Iframes
 

 

 

 

 

 

user token query string querystring usertoken

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • In-app purchases and cross entitlement
  • Bolt Paywall customisation
  • Bolt Metered Paywall
pugpig logo white
Navigation
  • Products
  • Customers
  • News
  • Podcast
Contact
  • Contact us
  • LinkedIn
  • Twitter
Technical Support
  • Status Page
  • Documentation
  • Customer Support
Corporate
  • Company
  • Jobs
  • Privacy Policy

© Kaldor Ltd. 2022

Powered by Pugpig

Expand