Integration Flow
Launch session model
Launch token redemption and session establishment.
Launch is server-to-server first, browser second.
Launch flow
- operator backend calls POST /api/operator/launch
- OpenPoly upserts operator user by external_user_id
- OpenPoly resolves allowed host for operator
- OpenPoly creates launch token hash and expiry
- OpenPoly returns launch_url
- operator redirects user to launch_url
- Mini App redeems token and establishes session
- browser URL drops one-time token after redemption
Token properties
- default TTL: 60 seconds
- minimum TTL: 30 seconds
- single-use
- stored hash-only
- repeated launch calls can mint new token for same operator user
Host binding
Launch host must match operator-allowed host resolution.
Inputs:
- requested host from launch API body, if provided
- operator host mapping
- environment fallback host
Result:
- launch URL points to allowed host only
- wrong-host token usage must fail
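The token properties and host binding above, sketched as an added example; this is not OpenPoly's code. The class, its method names, the launch URL shape, the in-memory store and the handling of a TTL below the minimum are assumptions made for illustration.

```python
import hashlib
import secrets
import time

DEFAULT_TTL, MIN_TTL = 60, 30  # seconds, from the token properties above

class LaunchTokenStore:
    """Hypothetical in-memory store: keeps SHA-256 digests, never raw tokens."""

    def __init__(self, operator_hosts, fallback_host, clock=time.time):
        self.operator_hosts = operator_hosts  # assumed shape: operator_id -> [allowed hosts]
        self.fallback_host = fallback_host    # environment fallback host
        self.clock = clock
        self.rows = {}  # digest -> (operator_id, external_user_id, host, expires_at)

    def resolve_host(self, operator_id, requested=None):
        allowed = self.operator_hosts.get(operator_id, [])
        if requested is not None:
            if requested not in allowed:
                raise ValueError("requested host is not allowed for this operator")
            return requested
        # Assumption: first mapped host is the operator default.
        return allowed[0] if allowed else self.fallback_host

    def mint(self, operator_id, external_user_id, host=None, ttl=DEFAULT_TTL):
        if ttl < MIN_TTL:
            raise ValueError("ttl below minimum")  # assumption: reject, do not clamp
        bound_host = self.resolve_host(operator_id, host)
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.rows[digest] = (operator_id, external_user_id, bound_host,
                             self.clock() + ttl)
        # The raw token exists only in the returned URL (path is an assumption).
        return f"https://{bound_host}/launch?token={token}"

    def redeem(self, token, request_host):
        digest = hashlib.sha256(token.encode()).hexdigest()
        row = self.rows.get(digest)
        if row is None:
            return None  # unknown token, or already redeemed
        operator_id, external_user_id, host, expires_at = row
        if host != request_host:
            return None  # wrong-host usage fails; token is left unredeemed here
        del self.rows[digest]  # single-use: consume before any session is issued
        if self.clock() > expires_at:
            return None  # expired
        return (operator_id, external_user_id)
```

A real store would make the lookup-and-delete in redeem a single atomic operation so that two concurrent redemptions cannot both succeed.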
Session semantics
After token redemption:
- browser gets Mini App session cookie
- browser gets CSRF cookie
- operator backend is no longer in request path for ordinary in-app navigation
Session is for Mini App client. Operator API key stays server-side only.
Operator user model
- external_user_id unique per operator
- user is upserted on launch
- display name and locale can be snapshotted
- metadata can be attached from operator backend
Operator responsibilities
- create launch from trusted backend only
- never mint launch from browser
- use stable external_user_id
- keep redirect flow short enough that token does not expire
