
Login Flow

The Mini Apps platform requires merchants to integrate the login flow for Mini Apps. Merchants cannot offer a manual sign-in process for the user: whenever a Mini App requires user credentials, the only method allowed is the Login Flow.

 


 

The login flow for Mini Apps works like this:

  1. The user clicks on the merchant app icon in the Paytm Mini App Store, and Paytm opens the merchant's Mini App.
  2. The user browses the catalog and adds items to their cart.
  3. When the merchant app flow needs to log the user in, the user is shown a popup asking permission to share their credentials with the merchant.
  4. Once the user taps "Allow", they are seamlessly logged in to the merchant Mini App.

Note: The consent popup is shown only once; for returning users, the merchant can seamlessly access user details to facilitate login. Detailed login steps can be found here.

 

Integrating Login flow in Mini Apps involves the following steps:

 

Step 1: Call paytmFetchAuthCode JS API at client end to get the Auth Code

Step 2: Call getAccessToken API from backend (S2S) to get Auth Token using the Auth Code received in Step 1

Step 3: Call getUserInfo API from backend (S2S) to get the Paytm user's details and seamlessly log the user in

 

Note: Ensure that the client secret shared during your app onboarding is never passed to your frontend/m-web in this flow.

 

Please watch this tutorial to understand the login integration process in more detail 

 


Merchant Side Login Flow Handling

Paytm expects the merchant to handle every known scenario that can arise in the login flow. The possible scenarios are:

 

Consent Allowed and all Profile Details Configured

  • The merchant calls the paytmFetchAuthCode JS API and the user clicks “Allow” in the consent popup. The merchant gets the Auth Code in the response and then seamlessly logs the user in by fetching user details via an S2S call.

Consent Allowed and Profile Details Incomplete

  • Some users might not have an Email/Name configured in their Paytm account. For such cases the ideal flow is to fetch user details via the S2S call and then, if required, take input from the user to add the Email/Name to the merchant account.

     

    Note: Paytm will soon develop an Email/Name population flow to ensure that all users providing consent have valid and complete profile details configured.

 

Consent Denied / User Presses Back on Consent Popup

  • The merchant calls the paytmFetchAuthCode JS API and the user clicks “Deny” in the consent popup. The Mini Apps Platform mandates that merchants do not allow any form of manual/social login. Merchants can handle consent-denied cases in the following proposed way:

    When the user clicks Deny or the Back button, the paytmFetchAuthCode JS API returns error code "-1". Based on that, merchants can show a user-friendly popup/toast stating something like “Consent is mandatory to proceed” with a CTA of OK/Cancel or Proceed/Exit. On tap of OK/Proceed, call the paytmFetchAuthCode JS API again; on tap of Cancel/Exit, call the popWindow JS API to take the user back to the Paytm App.

     

    Note: If the user keeps denying consent, it is advised to take the user out of the Mini App after multiple denials.

 

User Opens Mini Apps While Logged Out from Paytm

  • A user may be logged out of the Paytm App when they try to open a Mini App. In such cases, when the merchant calls the paytmFetchAuthCode JS API, Paytm shows the user a login popup. The following cases can arise:
  1. User logs in using the login popup: Paytm then proceeds with the normal login flow (show consent and proceed). The merchant does not need any exceptional handling for this scenario.
  2. User presses Skip Login / presses hardware back: In this case the paytmFetchAuthCode JS API returns error code "-2". Based on that, merchants should show a user-friendly text stating something like “Login in Paytm to Proceed with the Flow” with possible CTAs of OK/Cancel. On tap of OK, call the paytmFetchAuthCode JS API again; on tap of Cancel, call the popWindow JS API to take the user back to the Paytm App.
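
The "-1" and "-2" handling described in the scenarios above can be expressed as one small client-side state machine. This is an added example, not Paytm's code: `bridge`, `ui` and `sendCodeToBackend` are hypothetical adapters around paytmFetchAuthCode, popWindow, the merchant's own dialog and the merchant's own backend call, and the `{ authCode }` / `{ error }` result shape and the limit of three refusals are assumptions.

```javascript
// Added example. bridge, ui and sendCodeToBackend are hypothetical adapters;
// the { authCode } / { error } result shape is an assumption, not Paytm's spec.
const CONSENT_DENIED = -1; // Deny / Back on the consent popup
const LOGIN_SKIPPED = -2;  // Skip Login / hardware back on the Paytm login popup

// Pure decision step: map one paytmFetchAuthCode result to the next action.
function nextAction(result, refusals, maxRefusals) {
  if (result && typeof result.authCode === 'string' && result.authCode !== '') {
    return { type: 'exchange', authCode: result.authCode };
  }
  const code = Number(result && result.error); // accepts -1 or "-1"
  // Unrecognised failure: this example leaves the Mini App instead of
  // falling back to any manual or social login.
  if (code !== CONSENT_DENIED && code !== LOGIN_SKIPPED) return { type: 'exit' };
  // Stop re-prompting once the user has refused maxRefusals times.
  if (refusals + 1 >= maxRefusals) return { type: 'exit' };
  return {
    type: 'prompt',
    message: code === CONSENT_DENIED
      ? 'Consent is mandatory to proceed'
      : 'Login in Paytm to Proceed with the Flow',
  };
}

// Driver: retries on OK/Proceed, leaves via popWindow on Cancel/Exit.
function runLogin(bridge, ui, sendCodeToBackend, maxRefusals = 3) {
  let refusals = 0;
  const attempt = () => bridge.fetchAuthCode((result) => {
    const action = nextAction(result, refusals, maxRefusals);
    if (action.type === 'exchange') {
      // Only the auth code leaves the client; the backend holds the
      // client secret and makes the getAccessToken / getUserInfo calls.
      return sendCodeToBackend(action.authCode);
    }
    if (action.type === 'exit') return bridge.popWindow();
    refusals += 1;
    ui.confirm(action.message, (proceed) => (proceed ? attempt() : bridge.popWindow()));
  });
  attempt();
}
```

Keeping `nextAction` pure makes the refusal cap and the two error codes testable without the Paytm app.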