Integrating your authentication platform
With Pugpig you can integrate with your own authentication or subscription platform to manage user access to your content. Users might exist in a third party subscription system or a database you manage. As standard we provide out of the box integrations for some of the larger, well known subscription systems. A full list can be found here. If yours isn’t supported don’t panic... we also provide a tried and tested pattern for integration.
You may choose to do the integration required for Pugpig yourself. If so, we have detailed documentation on the Pugpig Security API online to help answer any questions you may have (we may still suggest you agree a bit of support time for us to help you if you go this route). If you don’t have a technical team to handle the integration then the Pugpig Authentication support pack will provide all the help you need.
Pugpig Authentication Setup Pack
- In advance of starting work we require this information from you.
- To kick off we will arrange an initial call to discuss your authentication requirements and API documentation including the auth parameters (e.g username, email, password etc). Your API needs to be available to us over HTTP(S).
- We will supply our IP range to you if you need to restrict access to your API endpoints.
- Following this, we usually build a proxy to your API (before we can write this we will need all the items outlined above).
- We will then build a third party authentication module (hosted on our Distribution platform) which talks to your third party API.
- Next up we will need to configure and add the third party authentication into the app containers.
- You will need to supply test users that cover each scenario, we will then add a test form and test the third party authentication with users provided in browser and on devices.
- Our system will automatically run tests every evening, and send you an automatic alert if it isn't behaving as it should.
- We will also handle the setting up of the SSL certificates so that communication between the apps is secure.
- Your Pugpig Authentication support package will be available until your app is ready to submit during which time you will have priority ticket support.
- Any additional help required, as well as post launch support can be purchased under our standard support agreement.
Frequently Asked Questions
Q: Can I include a user ID or some other data in my app analytics.
A: Yes - just let us know which fields you'd like sent to the analytics as an extra dimension. Note that we don't recommend sending identifiable data to any analytics platform - only send meaningless IDs that you can join up later.
Q: How long will users remain logged in before needing to log in again
A: This is up to your back end system. If you return a token as a response to your sign in call, you can expire this token whenever you like. We recommend users remain logged into for a long time (forever!) to make the app experience better.
Q: Can I limit how many devices can have concurrent access.
A: Yes, but this needs to be done by your authentication system. We will send the unique device ID to your system if needed, but it is up to your system to expire old tokens or not grant access to new tokens if needed. If you provide a logout method, we can call this so your system can free up old devices.
Q: Will active users only have access to certain content, or will they get access to everything?
A: We support both models, and this will be something we discuss early in the setup. We call the model where an active user gets everything Access Based Model (for example Netflix or Spotify) and the model where they'll only get certain editions the Edition Based Model (traditional print publishing). We can also support things like grant grace issues or grace periods