Authenticating Users
By default, Decagon does not authenticate users. To authenticate users, first contact us so that we can enable this feature and send you a secure private key. It is not necessary to authenticate users to have a fully functional product, but it is recommended.
Generating an authentication token
You should first use the private key you were given to generate a token authenticating the user. This must be done on a backend server. Since the private keys cannot be exposed to end users, this cannot be done on a web client.
To generate a token, use the following Python snippet (or its equivalent in another language):
Tokens are valid for 24 hours. After this time, a new token must be generated.
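The example below is added for illustration and is not Decagon's snippet or its actual token format. It shows the general shape of a backend-generated signature-and-epoch token and the checks a verifier holding the same key would apply, including the 24-hour lifetime. The HMAC-SHA256 construction, the `user_id:epoch` message layout, the 60-second clock-skew allowance and the names `generate_token` and `verify_token` are all assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional

# The page states that tokens are valid for 24 hours.
TOKEN_LIFETIME_SECONDS = 24 * 60 * 60
# Assumed tolerance for clocks that disagree slightly (not from the page).
ALLOWED_SKEW_SECONDS = 60


def generate_token(user_id: str, private_key: str, now: Optional[int] = None) -> dict:
    """Backend only: bind the user id to the current epoch with a keyed MAC."""
    epoch = int(time.time()) if now is None else now
    # Assumed message layout. The epoch is all digits, so the last ":"
    # always separates it from the user id unambiguously.
    message = f"{user_id}:{epoch}".encode()
    signature = hmac.new(private_key.encode(), message, hashlib.sha256).hexdigest()
    return {"signature": signature, "epoch": epoch}


def verify_token(user_id: str, token: dict, private_key: str,
                 now: Optional[int] = None) -> bool:
    """Checks a verifier with the same key would make before trusting user_id."""
    now = int(time.time()) if now is None else now
    epoch = token.get("epoch")
    signature = token.get("signature")
    if not isinstance(epoch, int) or not isinstance(signature, str):
        return False
    # Reject tokens dated in the future and tokens older than 24 hours.
    if epoch > now + ALLOWED_SKEW_SECONDS:
        return False
    if now - epoch > TOKEN_LIFETIME_SECONDS:
        return False
    # Recompute the MAC over the claimed user id and epoch, then compare in
    # constant time so the comparison does not leak how many bytes matched.
    expected = generate_token(user_id, private_key, now=epoch)["signature"]
    return hmac.compare_digest(expected.encode(), signature.encode())
```

Because the epoch is covered by the signature, a client cannot extend a token's life by editing the epoch; it has to request a fresh token from the backend.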
Authenticating the user on the frontend (Web)
Every time the user is identified on the frontend, you must also pass in the token object that was generated above as part of the metadata. Simply call the following function with your signature and epoch.
Authenticating the user on the frontend (Mobile)
For mobile, you can use a similar approach and include your signature and epoch in the request headers for your WebView. Set your signature as the X-DECAGON-AUTH-SIGNATURE header, and set your epoch as the X-DECAGON-AUTH-EPOCH header.
For example, in Swift, you can accomplish this with:
In React Native, you can do the same: