Sending parameters in a query string to external domains
Learn how to securely send a user token through a query string.
Pugpig Bolt provides the ability to pass items on the query string to your site to help improve these experience.
In order not to pass sensitive information to the wrong place, we will configure this on our side to only send the information to trusted domains. In most cases, this will be domain of your web site, but we can include others if desired.
When Information is passed
The information will be added to the query string in the following cases:
- Any external links out from the app content
- Any embedded URLs in the settings pages
- Any embedded URLs in the tab bar
We provide a default set of values on the query string. These are described below. However, if you wish us to send custom values, get in touch with our support team. Note that these values are sent on ALL links - we cannot provide different values on different URLs.
We usually send the user token as the token parameter - for example http://www.acme.com/?token=123412345
The token is the same token we receive from the login flow.
You will need to implement the logic on your site to look for this token, and log in the user accordingly if the token is valid. If you are a Piano user, we can provide sample code to assist with this. Please ask our support team.
We can send any other information we receive from the user if needed (for example, the company they are from)
Indication that we are from the app
It is often useful for your site to know that that link or embed is coming from the app. For this, we pass a parameter by default called from_app - for example http://www.acme.com/?token=123412345&from_app=1
Many of our clients will use this parameter to hide any header, footer or navigation and only show the content from the web site when embedded in the app.
Items under consideration
We are currently looking into:
- Sending an indication if the app is currently in Dark Mode (from app settings, not system settings)
- Adding the ability to pass information through to Iframes