Authorization and Session Management

Login and Metapro ID

Login starts with the user signing in through their Telegram account, which creates a Metapro ID (a Metapro account) for them. The user can then interact with the Metapro ecosystem using their Telegram credentials. After the account is created, the user has the option to connect their Metapro Wallet to it, enabling further Web3 interactions such as managing assets and interacting with blockchain features.

Authentication tokens

Authentication tokens are used to maintain the user's session securely. After successful login through Telegram, Metapro issues an access token that the Mini App can use to authenticate requests to Metapro services. This token must be stored securely (e.g., in session storage) to prevent unauthorized access. The access token is automatically extended when interacting with various Metapro API endpoints, ensuring the user remains authenticated without requiring manual re-login.

Session handling and security

Session management is crucial for both a smooth user experience and security. Developers should implement mechanisms to handle token expiration. Because the access token is automatically extended during interactions with Metapro services, the Mini App should keep interacting with the API as needed to maintain session validity. Developers should also store tokens securely to protect them and prevent session hijacking or unauthorized access.
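One way to handle token storage and expiry in the Mini App, as an added example that is not Metapro's own code. The storage key, the API origin, the bearer `Authorization` header and the HTTP 401 response on an expired token are all assumptions made for illustration; storage and fetch are injected so the helper can be exercised outside a browser.

```javascript
// Added example: a hypothetical helper, not part of any Metapro SDK.
// Assumed: bearer token in the Authorization header, HTTP 401 once the token expires.
const TOKEN_KEY = "metapro_access_token";         // hypothetical storage key
const API_ORIGIN = "https://api.example.invalid"; // placeholder for the real API origin

function createSession({ storage, fetchImpl, onExpired }) {
  return {
    // Call once, after the Telegram login flow has returned an access token.
    setToken(token) {
      if (typeof token !== "string" || token.length === 0) {
        throw new TypeError("access token must be a non-empty string");
      }
      storage.setItem(TOKEN_KEY, token);
    },
    hasToken() {
      return storage.getItem(TOKEN_KEY) !== null;
    },
    // Authenticated call. Every successful call is also an API interaction,
    // which is what keeps the automatically extended token alive.
    async request(path, options = {}) {
      const url = new URL(path, API_ORIGIN);
      if (url.origin !== API_ORIGIN) {
        // Never attach the token to a request that leaves the API origin.
        throw new Error("refusing to send token to " + url.origin);
      }
      const token = storage.getItem(TOKEN_KEY);
      if (token === null) {
        onExpired("missing");
        throw new Error("not authenticated");
      }
      const headers = { ...(options.headers || {}), Authorization: "Bearer " + token };
      const res = await fetchImpl(url.href, { ...options, headers });
      if (res.status === 401) {
        // Expired or revoked: drop the stale token, then send the user back to login.
        storage.removeItem(TOKEN_KEY);
        onExpired("rejected");
        throw new Error("session expired");
      }
      return res;
    },
  };
}

// In the Mini App (browser):
// const session = createSession({
//   storage: window.sessionStorage,
//   fetchImpl: window.fetch.bind(window),
//   onExpired: () => showTelegramLogin(), // hypothetical UI hook
// });
```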

User data management

User data management involves securely storing and retrieving user information needed by the Mini App. Only essential user data should be requested and stored, following the principles of data minimization. Developers should ensure that sensitive user information is encrypted and handled according to best practices to protect user privacy. The integration with Metapro allows the Mini App to access user-specific blockchain data, such as wallet balances and transaction history, which should be displayed securely and transparently to the user.
