# Web/HTML Implementation

Legitimate's API can be used to redirect to custom web applications or even native app experiences via two different approaches. This page covers the simple flow when redirecting to another web-based application. For information on native app integration, please refer to [native-app-implementation](https://docs.legitimate.tech/technical-docs/native-app-implementation "mention")

## Technical Architecture

The Legitimate Tags are pre-programmed to link to the Tap by Legitimate web app that then be configured to redirect to your own website.

## Tag URL Redirect

{% hint style="info" %}
To see a simple example of the tag URL Redirect and tag verification in action, please refer to the [getting-started](https://docs.legitimate.tech/technical-docs/developer-resources/web-html-implementation/getting-started "mention") document and [simple-html-example](https://docs.legitimate.tech/technical-docs/developer-resources/web-html-implementation/simple-html-example "mention") .
{% endhint %}

Legitimate's NFC Tags can be configured to redirect to a different domain or URL with the verification parameters from the tag to create an entirely new user flow and digital experience. This is extremely useful to redirect users to a custom web experience, or redirect to a native mobile app experience.

```url
https://verify.legitimate.tech/?uid=XXXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZZZZZ
```

By default, Legitimate's NFC Tags are pre-programmed to open Legitimate's web URL first and then redirect to another desired URL. Legitimate will collect analytics data before redirecting.

```url
https://www.yourdomain.com/experience/?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZZ
```

The URL parameters can then be used to call the tag related APIs.

Each time an NFC tag is scanned, a new set of verification parameters will be generated. Therefore, if you are intending to use the Tag URL Redirect features, it is extremely important to note that [**you must verify the parameters every time a scan occurs**](https://docs.legitimate.tech/technical-docs/api-resources/verify). This is meant to protect the connected products from counterfeit and ensure that each scan is unique.

To configure the redirect URL, please login to the [Legitimate Dashboard](https://dashboard.legitimate.tech), open the configuration page for the desired SKU, and set the Redirect URL field.

<figure><img src="https://4283642659-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuF8GxCCVKiHZhuxM0XLD%2Fuploads%2FheTfm5srjl5XuzllYoQE%2FScreenshot%202025-05-07%20at%208.57.09%E2%80%AFAM.png?alt=media&#x26;token=ce47bceb-2296-4704-9bc9-b50ed42e49d5" alt=""><figcaption></figcaption></figure>

### (Tag URL Redirect) High Level User Interface Overview

* User taps the tag with their phone and opens the link popup
* The browser opens [`https://verify.legitimate.tech/?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZ`](https://tap.legitimate.tech/?uid=XXXXXXXXXXXXXX\&ctr=YYYYYY\&cmac=ZZZZZZZZZZZZZ)
* The `uid`, `ctr`, and `cmac` is used to verify the tag's authenticity and get information about the content for the tag.&#x20;
* The browser is then redirected to your own page with the same parameters [`https://www.yourdomain.com/page/name?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZ`](https://tap.legitimate.tech/?uid=XXXXXXXXXXXXXX\&ctr=YYYYYY\&cmac=ZZZZZZZZZZZZZ)
* Your own page must now call our APIs to verify the digital signature payload that is present in the query parameters.
  * Please reference our [getting-started](https://docs.legitimate.tech/technical-docs/developer-resources/web-html-implementation/getting-started "mention") guide to see how to implement this verification via a simple JS snippet
  * Alternatively, you can implement this verification yourself using our [api-resources](https://docs.legitimate.tech/technical-docs/api-resources "mention") to create a more robust user-experience.