Skip to main content

Authenticate a User with the Connection Token

Most Partoo App views require an authenticated user. This is done using a short-lived, one-time connection token generated through the Partoo REST API.

Authentication Flow

To authenticate a user:
  1. Your backend requests a connection token from Partoo using the REST API.
  2. You embed the token in the page rendered to your frontend.
  3. Your frontend initializes the SDK and logs in the user using the token.
partooPage.login('your-connection-token');
This login call triggers the following:
  • The SDK sends the connection token to the Partoo login endpoint.
  • Partoo validates the token and returns a JWT.
  • The user is considered authenticated until the JWT expires.
Connection tokens are single-use and short-lived. You must implement a system to regenerate a new token whenever a user accesses a protected view after the previous token expires.
Design your backend to detect expired JWTs and automatically request new connection tokens before loading protected views.