Skip to main content

iOS & Android

How can mobile apps communicate with Kukai-embed?

warning

Kukai-embed incorporates social authentication flows that are bound to social provider policies and can only be executed in a browser. During social authentication, the current web link (URL) must be visible to the user.


To use kukai-embed on mobile, your app needs to send users to a browser where they can interact with kukai-embed. After a successful interaction, your users may return to your app via a deep link.


There are two ways to enable your users to interact with kukai-embed on mobile:

  1. (Recommended) Build and host a kukai-embed delegate page that receives operation payloads through deep link parameters. Redirect your users back to your mobile app via deep links containing information about their actions.
  2. Build and host your own front-end page (resembling a mini DApp), which generates operation payloads. This enables your users to interact with kukai-embed. Redirect your users back to your mobile app via a simple deep link.

The process (kukai-embed delegate page)

To interact with kukai-embed, the process unfolds as follows:

  1. The mobile app sends the user to a kukai-embed delegate page. See Delegate webpage for more information regarding hosting your own delegate page or using an existing template.
    (i.e. <kukai_embed_delegate_url>/login?data=<user_data>, where data may contain information about the current user including custom userIds or usernames, if needed)
  2. On the delegate webpage, where kukai-embed is present, the user connects a social wallet and a deep link takes them back to your mobile app
    (i.e. <your_app>://login?data=<user_data>, where data may contain information about the user: tezos address, social provider used, public key or even a signed expression).
  3. The mobile app populates its UI using the incoming payload that is carried with the deep link
  4. To send operations, the mobile app could serialize an operation payload and pass it as a url parameter to the kukai-embed delegate page
    (i.e. <kukai_embed_delegate_url>/operation?payload=<operation_payload>, where payload may contain a stringified version of a json payload - simple entrypoint call example)

tip

Any app on the web could send a deep link your mobile app, impersonating someone else’s account. Mobile Apps should not accept users for connecting their wallets without verifying the user owns the Tezos address with follow-up operation (see Authentication)