Android: User Tokens
How do they work?
User tokens are used to identify a user in the Billpocket platform. When provided as a parameter in your app’s request to Billpocket, our app will configure itself to behave as a new terminal for the given user. Successive calls with the same token will bear the same result.
Should another User token be sent to Billpocket, it will configure itself to behave as if it was a terminal for this new user. This behavior enables your app to configure the current Billpocket installation for as many users as User tokens you manage.
User Tokens
User tokens are cryptographically-secure generated IDs with a 1-to-1 relationship to our user base, and they’re used to know who is making a setup request when Billpocket’s app is called from the outside.
In this use-case, user tokens are the first configuration parameter required to set up a device and start the payments process. The second parameter is:
Device Tokens
Device tokens are short random-generated ID’s for each device registered in your account. These represent a device with a name or “Alias" and possibly some transactions related to them. Device tokens can be in 1 of 2 states: Dead or Alive.
Alive Tokens
These tokens are available for use. You can only configure new devices if the given token is alive. When you create a new device or request an existing device’s token in your web interface, the generated token is alive and ready to be used.
Dead Tokens
Dead tokens are not available for use. An alive token becomes dead when it is used to configure a device through App-2-App integration or regular usage in the Billpocket's app.
These are logically paired to a physical device and will continue working for that device only.
Building the Request
As stated above, you shall now include the User token in the following fashion
Variable | Description | Value type |
usertoken | User token for 3rd Party use | String |
devicetoken | Device token | String (8-12 chars) |
Using Intents
Intent intent = new BPIntentBuilder()
.setAction(INTEGRATION_ACTION_BILLPOCKET)
.setUserToken(mUserToken).build();
Using URL’s
billpocket://?transaction=venta&amount=1.00&tip=.10&reference=mic00f&identifier=1001&usertoken=4db75ae65ab1fc0e067a68c3e6e0a53f25e0bb68384186b5be714ff1c0980d1a&urlScheme=https://www.mywebhook.com
With Great Power Comes Great Responsibility
Remember that user tokens are sensitive data and should not be sent in a non-secure channel. Please transmit these using (at least) an SSL channel.
If you suspect a user token has been compromised, please notify our team to invalidate or rotate the token. Future calls with this invalidated token will be taken as errors.
© Billpocket, 2018