How-to: Desktop Web App validations

2023-02-13 12:42:25 UTC

Visiolink has different ways of validating user on the Desktop Web App. Which solution is best suited to your needs, depends on your current setup, preferences and price (development time). This guide describes the 3 types of validation "Device validation", "Token validation" and "Custom validation" as well as pros/cons on each.

A more technical guide for user flow integration can be found here: 

Device Validation

Device Validation is a username/password login validation on Desktop Web App. This is the same username/password used on Android and iOS devices (unless those validations are integrated with a 3rd party validation like SPiD, AID or CeleraOne). 

´This is ideal when there is no login on your website or if the Desktop Web App isn't dependable on the your website.

Technical: All exchange of validation data is done as server to server communication.

Estimated Visiolink Development time: 15 minutes

Estimated development time at your end: 1-3 hours

Requirements for you: You need to implement Universal Links logic for addressing the Desktop Web App.

Requirements: Device validation is already set up on Android or iOS.

If not, development time of device validation will depend of the complexity of the integration with your system. A simple solution will typically be around 2-6 hours at Visiolink and less, if any, at the your end.


  • Simple implementation
  • Very little work required by your developers
  • Works very similar on all platforms
  • Can access Desktop Web App with a fixed URL


  • All login happens in Desktop Web App, so might not be ideal if you also have login on you own website and link from there (would mean logging in twice)
  • No external URL parameters

Validation Flow

1) User clicks on a link fx.

2) The Desktop Web App will try to open the publication.

3A) If you have logged in before and browser remembers credentials – the publication will open directly.

3B) If you haven’t logged in before on this device – opens a popup where user can enter login information.

4) Enter credentials – the publication will now open.

Token Validation

Token Validation is when a token is added to the link to Desktop Web App, which automatically gives access through that link.

This is ideal when you want a very close integration with your website and the ePaper and you want your users to access the ePaper through your website only. 

Technical: All communication regarding validation is done as server to server communication, except for the initial token exchange by URL

Estimated Visiolink Development time: 1-2 hours

Estimated development time at your end: 5-7 hours

Requirements for you: You need to implement Universal Links logic for addressing the Desktop Web App including sending the required token.


  • Max 1 service (Service means callback URL  receiving the token and send back a clear positive/negative answer)
  • Minimum 1 parameter in the token
  • No processing of parameters


  • Simple implementation
  • If logged in on your website and linked to Desktop Web App with a valid token, the reader will stay logged in


  • Can only access Desktop Web App from the your website. Not possible with a fixed URL or bookmark unless your site can handle extra logic to do redirecting back to the Desktop App after a user has logged in.

Validation Flow

1) User clicks on a link fx. (the token is last part of URL)

2) The Desktop Web App will try to validate access to the publication using the token value, calling back to the your system. Your system will reply with access granted or denied.

3A) If access granted – the publication will open.

3B) If access denied – Depends on the setup, but publication will not open.

Custom Validation

A custom validation is used when the validation is too complicated to work as a device or a token validation. This may be due to 3rd party integration or for "Single Sign On" solutions. We generally don't recommend these kind of validations, due to high complexity and being time-consuming/expensive to develop and maintain, but its the most flexible option if you want something very specific with your validation. 


This is the only option if you have SSO, want more than 1 callback service or want processing of input-parameters.

Technical: Custom integration layer between the external site and access control system and Visiolink. All SSO’s solutions must get a custom integration.

Estimated Visiolink Development time: 2-3 weeks

Estimated development time at your end: 5-10 hours

Requirements for you: You need to implement Universal Links logic for addressing the Desktop Web App and probably need to add redirect logic.

Requirements: All user login happens on the your side. User credentials are completely unknown to Visiolink.


  • The only option if you have a Single Sign On solution, if you want more than 1 call-back service or if you want processing of input-parameters.
  • Depending on the solution a fixed URL to the Desktop Web App might work (especially for SSO solutions).


  • Time-consuming to develop
  • Difficult to maintain
  • Likely requires work from the your web developer

Validation Flow

This flow can’t be described since it differs depending on what system Visiolink are to integrate with.

Universal Links restriction

For the app sensing logic to work the user must click on a Universal Link, you can't redirect a link to a Universal Link. This is due to security measures on Android and iOS, which will only open an app if the user specifically selects a link that the app knows. Otherwise the user will open the link in the browser instead of the app.

What is needed: 

  • Login URL (including redirect parameters)
  • Error URL (where to send the user if login fails)
  • Optional: a Sales URL 
  • Test Users - A minimum of one test user per profile type

Example of test users:

  • known user without access
  • known user with full access to all content
  • know user with limited access to content – for example access to two out of five papers, access to papers but not to live feed etc.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • Avatar
    Max Grønlund

    how do I provide the verification_url/the link visiolink call to validate my user??

  • Avatar
    Agnethe Løkke Madsen

    hello Max, if you have not received help yet, please contact so we can guide you