Quick Start
Lynes hosts the Webview application for you. Your team embeds it in a native WebView and passes a user JWT. No Webview source code is required in your app.
Before you start
Lynes provides during onboarding:
| Item | Example | Your action |
|---|---|---|
| Webview URL | https://gamification.customer.example.com | Load this URL in your WebView |
| Back callback URL | myapp://loyalty/back | Intercept and dismiss the WebView |
| External callback URL | myapp://loyalty/external?url=โฆ | Intercept and open the decoded link in a browser |
| API credentials | Tenant + project + API secret | Sign JWTs on your backend (same as REST API) |
The callback URLs are configured on your hosted Webview instance. They must match exactly what you implement in iOS/Android.
5 steps
1. Register the callback URLs in your app
Handle the two URLs Lynes gave you (placeholders below):
myapp://loyalty/back
myapp://loyalty/external?url={URL_ENCODED}See Native Bridge for iOS/Android snippets.
2. Create a JWT for the logged-in user
On your server, sign a JWT with your Lynes API secret. Required claims: sub, iss, aud, iat, exp.
const token = jwt.sign(
{
sub: user.id,
iss: "your-tenant-id",
aud: "your-project-id",
iat: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + 3600,
},
API_SECRET
);3. Build the Webview URL
Pick the path of the screen you want (not only /overview). Add optional query parameters.
Overview:
https://gamification.customer.example.com/overview?lang=de&platform=ios&darkmode=falseLeaderboard (direct):
https://gamification.customer.example.com/leaderboard?lang=de&platform=ios&entrypoint=leaderboardentrypoint does not redirect to another page โ it only controls when the back button closes the Webview and returns the user to your app (instead of going to the previous page inside the Webview). Always set it to match the feature the user came from.
4. Load the WebView with the JWT header
Send the token on the initial document request:
Authorization: Bearer <JWT>var request = URLRequest(url: webviewURL)
request.setValue("Bearer \(jwt)", forHTTPHeaderField: "Authorization")
webView.load(request)webView.loadUrl(
url,
mapOf("Authorization" to "Bearer $jwt")
)After the first load, the Webview manages its own session via cookies. You do not need to attach the header to every internal navigation.
5. Intercept callback navigations
When the user goes back from a root screen or opens an external partner link, the Webview navigates to your custom URL scheme. Cancel the navigation in the WebView and run native code (dismiss / open browser).
Invalid or missing JWT
Without a valid JWT on the first request, the Webview cannot establish a user session. The user may see a loading state or an empty screen. Always issue a fresh JWT before opening the Webview.
Next
- Integration Guide โ platform details, token refresh, troubleshooting
- URL Parameters & Routes โ full parameter and path reference
- Authentication โ token exchange internals
- Native Bridge โ callback specification