Authenticate User
Once a user session is initiated via the ft.getUserToken() method, your MiniApp is responsible for actively verifying the token's authenticity.
⚠️ Security Warning: Do not rely solely on the token held by the client-side SDK. Frontend data can be manipulated, and tokens can expire. You must perform a secure server-to-server verification to confirm the user's identity before granting access to your backend resources or taking any further action.
Step 1: Handle the SDK Callback
After initialization, your frontend will invoke the SDK's token method ft.getUserToken(). When the SDK returns the token to the client, you will receive the authentication string you need.
Extract the token string from the frontend. Use this client-side event as a trigger to pass the token to your backend to begin the secure verification process.
Step 2: Retrieve Verified User Profile
To verify the user securely, your backend must call the Verify User Token endpoint, passing the token obtained from the SDK in Step 1 in the miniapp-user-token header. This verifies the user directly with the server.
Please refer to the Verify User Token API Reference for the exact endpoint URLs and complete cURL examples.
Step 3: Evaluate the Response Payload
Upon receiving the response from the server-to-server call, your backend must evaluate the success and data.id fields within the payload to confirm the token's validity.
A fully verified and authenticated token will return the following in its payload:
Server API Response Snippet:
{
  "status_code": 200,
  "result": "Operation Completed Successfully",
  "success": true,
  "data": {
    "id": "[email protected]"
  }
}
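The backend check from Steps 2 and 3, as an added example rather than code from this documentation or the platform: it sends the token in the miniapp-user-token header and accepts the user only when success is strictly true and data.id is a non-empty string. The VERIFY_URL value, the GET method, the function names and the sample payloads are assumptions made for illustration; take the real endpoint details from the Verify User Token API Reference.

```javascript
// Added example, not the platform's own code.
// VERIFY_URL is a placeholder; use the URL from the Verify User Token API Reference.
const VERIFY_URL = "https://api.example.invalid/verify-user-token";

// Decide whether a verification response body proves the user's identity.
// Fails closed: only success === true with a non-empty string data.id passes.
function evaluateVerifyResponse(bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    return { ok: false, reason: "response is not valid JSON" };
  }
  if (body === null || typeof body !== "object") {
    return { ok: false, reason: "response is not a JSON object" };
  }
  if (body.success !== true) { // strict check: "true" or 1 is rejected
    return { ok: false, reason: "success is not true" };
  }
  const id = body.data && body.data.id;
  if (typeof id !== "string" || id.trim() === "") {
    return { ok: false, reason: "data.id is missing or empty" };
  }
  return { ok: true, userId: id };
}

// Server-to-server call. fetchImpl is injectable so the logic can be tested
// offline; the GET method is an assumption, check the API reference.
async function verifyUserToken(token, fetchImpl = fetch) {
  if (typeof token !== "string" || token === "") {
    return { ok: false, reason: "no token supplied" };
  }
  try {
    const res = await fetchImpl(VERIFY_URL, {
      method: "GET",
      headers: { "miniapp-user-token": token },
    });
    return evaluateVerifyResponse(await res.text());
  } catch {
    return { ok: false, reason: "verification request failed" };
  }
}

// Constructed sample payloads (not real server output).
const SAMPLE_OK = '{"status_code":200,"success":true,"data":{"id":"user-123@example.test"}}';
const SAMPLE_BAD = '{"status_code":200,"success":"true","data":{"id":""}}';
console.log(evaluateVerifyResponse(SAMPLE_OK), evaluateVerifyResponse(SAMPLE_BAD));
```

Bind your own session to the returned userId only after this function reports ok; an identity supplied by the frontend should never be used in its place.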
