This flow demonstrates how to initiate a secure login process using a server-side merchantWebKey. It uses a QR/deeplink-based confirmation model with user interaction in the Trustee mobile app.
Recommended for:
- Secure server-side integrations
- Flows where you need to link user identity (userPublicToken) with your backend
- Preventing client-side exposure of credentials
Start Login Request
You initiate a login by calling siteStartRequest. The user will be prompted to scan a QR code or tap a button to open the Trustee app and confirm the login.
mutation siteStartRequest($merchantWebKey: String, $uniqueKeyForRequest: String, $requestType: String) {
siteStartRequest(
merchantWebKey: $merchantWebKey,
uniqueKeyForRequest: $uniqueKeyForRequest,
requestType: $requestType
)
}Wait for User to Respond
Once the user opens the link or scans the QR code, they’ll see a confirmation dialog in the Trustee app asking to approve or deny login.
You should periodically call siteCheckRequest to get the login result.
mutation siteCheckRequest($merchantWebKey: String, $uniqueKeyForRequest: String) {
siteCheckRequest(
merchantWebKey: $merchantWebKey,
uniqueKeyForRequest: $uniqueKeyForRequest
)
}What Happens If User Does Not Respond?
You can handle timeouts based on:
- resRequestWillExpire: Exact timestamp of expiration
- resRequestTimePassedSeconds: How much time has passed
- statusCode or lack of user response in polling
If needed, you can re-initiate the login process with a new uniqueKeyForRequest.
Optional: Redirect User After Login (Callback URL)
You can provide a callback link where the user will be redirected after confirming the login in the Trustee app. To do this, contact developers team