Integration with Co-Auth

This page explains how third party applications can integrate with co-auth

Step 1: Settings

Create an new co-auth application and API-key for that application

Step 2: In your initiation request (at backend code)

Create a random string (code verifier), create code challenge (using SHA256 of code verifier), store the code verifier in cache / session to validate later

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/generate' \
--header 'Content-Type: application/json' \
--data '{

Send the response code from the API to your front end

Step 3: Integrate front end

3.1 Include an <iframe src="{{API_GATEWAY_URL}}/ui/#/{{register/verify}}/{{CODE_FROM STEP2}}" /> into your html

3.2 A JavaScript method to listen for events from iFrame

const receiveMessage = (event: any) => {
  if ( == "transactionComplete") {

When transaction is completed by the iframe UI, a callback is sent from iframe (web plugin) to your parent page

Step 4: Validate if the co-auth transaction was successful

In your application backend you need to make a status call to verify status

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/status' \
--header 'Content-Type: application/json' \
--data '{


You may want to modify your applications content-source-policy to allow Co-Auth URLs, if Co-Auth is hosted on a separate domain

Last updated