Some links set within ChipBot’s white label dashboard will be displayed to the user. One such example is the “Plans & Billings” feature.
Because ChipBot is linking to an external source, that source may not be able to safely and securely identify the user.
This introduces the need for a signed identifier.
All external links associated with an external account option will have a prepended token containing limited user identification. The token can later be used to get additional details. It expires 30 seconds after the user clicks the link.
Use your Account API Key as the secret key to verify the JWT token. This prevents man-in-the-middle manipulation of the token.
Here’s how the flow works: