⚙️Web/HTML Implementation

Legitimate's API can be used to redirect to custom web applications or even native app experiences via two different approaches. This page covers the simple flow when redirecting to another web-based application. For information on native app integration, please refer to Native App Implementation

Technical Architecture

The Legitimate Tags are pre-programmed to link to the Tap by Legitimate web app that then be configured to redirect to your own website.

Tag URL Redirect

Legitimate's NFC Tags can be configured to redirect to a different domain or URL with the verification parameters from the tag to create an entirely new user flow and digital experience. This is extremely useful to redirect users to a custom web experience, or redirect to a native mobile app experience.

https://verify.legitimate.tech/?uid=XXXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZZZZZ

By default, Legitimate's NFC Tags are pre-programmed to open Legitimate's web URL first and then redirect to another desired URL. Legitimate will collect analytics data before redirecting.

https://www.yourdomain.com/experience/?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZZ

The URL parameters can then be used to call the tag related APIs.

Each time an NFC tag is scanned, a new set of verification parameters will be generated. Therefore, if you are intending to use the Tag URL Redirect features, it is extremely important to note that you must verify the parameters every time a scan occurs. This is meant to protect the connected products from counterfeit and ensure that each scan is unique.

To configure the redirect URL, please login to the Legitimate Dashboard, open the configuration page for the desired SKU, and set the Redirect URL field.

(Tag URL Redirect) High Level User Interface Overview

• User taps the tag with their phone and opens the link popup

• The browser opens https://verify.legitimate.tech/?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZ

• The uid, ctr, and cmac is used to verify the tag's authenticity and get information about the content for the tag.

• The browser is then redirected to your own page with the same parameters https://www.yourdomain.com/page/name?uid=XXXXXXXXXXXXXX&ctr=YYYYYY&cmac=ZZZZZZZZZZZZ

• Your own page must now call our APIs to verify the digital signature payload that is present in the query parameters.

  • Please reference our Getting Started guide to see how to implement this verification via a simple JS snippet

  • Alternatively, you can implement this verification yourself using our API Resources to create a more robust user-experience.