User data authorization

Matej Hudiček edited this page Jul 18, 2025 · 2 revisions

There are three possible options for user data authorization, which can be selected on the application profile configuration page.

Security settings

Allow all mobile SDK requests

This is the default option. When selected, all API requests the SDK makes will be authorized using the application code.

Allow only mobile SDK requests with JSON Web Tokens (JWT) authorization

When this option is selected, certain backend API calls made by the SDK will require authorization with a securely signed JWT. To implement this option, you need to provide a JWT to the Mobile Messaging SDK, either during initialization or later using the setter method. The external user ID of the person is also required to generate the token.

//Supply JWT during init phase
MobileMessaging.init({
        userDataJwt: 'JWT',
        applicationCode: 'APP_CODE',
        //other config parameters
    },
    //other init parameters
);

//Supply JWT using setter method
MobileMessaging.setUserDataJwt(
    'JWT', 
    function (error) { //Error callback
        console.log('Error occurred while setting new user data JWT: ' + error.description);
    }
);

The JWT should be generated by and fetched from your backend. If there is no external user ID, do not set the JWT, or set it to null; in that case the person is treated as anonymous and API key authorization will be used.

Notice

If your application is configured to use JWT for authorization and the provided JWT is null, the Mobile Messaging personalization method will not work, because it requires an external user ID as part of the user identity and a JWT created with that same external user ID. Other SDK methods will work as expected, except that the external user ID cannot be updated by any means other than the personalization method.

Before making the API call, the SDK will validate the provided token for structure and expiration. If the token fails validation, no API call will be made. It is recommended to check for such validation errors in the callback functions that you can provide as parameters to Mobile Messaging SDK functions.

Example with saveUser function:

MobileMessaging.saveUser(
    userData,

    function(userData) {
        //success callback
    },

    function(error) {
        //error callback
        console.log('Error occurred while trying to save user data: ' + error.description);

        if (error.code === 'JWT_TOKEN_EXPIRED') {
            //fetch new JWT from backend that is not expired and provide it to Mobile Messaging SDK
            let newJwt = fetchJwt();
            MobileMessaging.setUserDataJwt(
                newJwt,     
                function (error) { //error callback
                    console.log('Error occurred while setting new user data JWT: ' + error.description);
                }
            );
            //NOTE: retry of unsuccessful function call can be performed now
        } else {
            //handle other error cases
            //in case of JWT structure validation errors please check the way you generate JWT
        }
    }
);
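
The retry that the NOTE in the callback above leaves open, written out as an added example (not part of the SDK or of this wiki): it refreshes the token once on JWT_TOKEN_EXPIRED and repeats the call a single time. `saveUserWithJwtRefresh` and the async `fetchJwt` are hypothetical names, and the `saveUser` and `setUserDataJwt` signatures are assumed to be the ones shown on this page.

```javascript
// Added example: refresh an expired user data JWT once, then retry saveUser.
// Assumptions: `sdk` is the MobileMessaging object with the saveUser and
// setUserDataJwt signatures shown on this page; `fetchJwt` is a hypothetical
// async function that requests a fresh token from your backend.
function saveUserWithJwtRefresh(sdk, userData, fetchJwt) {
  // Wrap the callback-style SDK call in a promise.
  const attempt = () =>
    new Promise((resolve, reject) => sdk.saveUser(userData, resolve, reject));

  return attempt().catch(async (error) => {
    // Only expiry is fixed by a new token. Structure errors point at how the
    // backend builds the JWT, so they go straight to the caller.
    if (!error || error.code !== 'JWT_TOKEN_EXPIRED') throw error;

    const newJwt = await fetchJwt();
    // A null JWT makes the SDK treat the person as anonymous, so never pass
    // an empty refresh result on to the SDK.
    if (typeof newJwt !== 'string' || newJwt.length === 0) {
      throw new Error('Backend returned no JWT, call not retried');
    }

    let setError = null;
    sdk.setUserDataJwt(newJwt, (e) => { setError = e; });
    // Only catches an error the SDK reports synchronously.
    if (setError) throw setError;

    // Exactly one retry: a second failure is returned to the caller, so a
    // rejected replacement token cannot cause a refresh loop.
    return attempt();
  });
}
```

Call it as `saveUserWithJwtRefresh(MobileMessaging, userData, fetchJwt)` and handle the returned promise; any error other than an expired token reaches the caller unchanged.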

The required structure of the JWT and an example of how to generate it can be found in the JSON Web Token (JWT) structure and generation example article. The SDK functionalities that require JWT authorization are fetchUser, patchUser, and personalize.

Disallow all mobile SDK requests

With this option, it is only possible to modify personal information over the Contact Information API.
