HAT creation gets automatically initialised with the supplied email address and autogenerated password
Once the HAT PDA is up and running (2-3 seconds), the user gets automatically logged in and presented with the HMI Screen. HMI is the HAT Microserver Instructions hat the HAT PDA owner issues and represents the legal contract between the HAT PDA owner and the application in order to enable the application to interact with the HAT PDA.
Once HMI is confirmed, the user gets redirected through the OAuth process of each data plug provider (eg facebook) in order to setup data plug access into the HAT PDA, if the data plug have not yet been set up. If it has been set up, only the application’s permissions would be required
Upon finishing data access setup for all required providers, the user will be redirected back to the
In order to use frictionless HAT PDA vending with
BaaS, the only requirement from your application or webpage,
is to collect user's email address and HAT PDA
In order to register users via baas, the application or webpage needs to redirect users to the following URL:
With the following query parameters:
"hat_name" "email" "application_id" "redirect_uri"
Please use the value of Application ID in the kit summary to test
In case signup is successful the user will be redirected back to your application
with query parameter
token, the application token for that user.
In case signup fails at any stage of the process, the user will be redirected back
to your application with query parameters
error_reason. It is left up
to each individual application to decide how the failures should be communicated to
the user. Currently
error field will always have the value
error_reason field can have multiple values depending on the failure type:
The data itself can be retrieved from the data debit endpoint on that HAT, the request details are documented here:
Note that HAT domain name will be different for each user and needs to be adjusted based on information encoded in the token. The token itself is used for authenticating the request and should be passed as a “X-Auth-Token” header.