Frictionless vending of HATs
With one screen, your customers can get a HAT from your mobile/web application and you can request for their data
HAT Permissions Screen
Single screen Frictionless HAT Vending
1. Your application (web or mobile) collects the email address of the user (with precautionary measures against spam bots)
2. The user gets redirected to a signup service passing in user email, your application’s ID in the HAT ecosystem, and callback URL as query parameters
3. HAT creation gets initialised immediately with the provided email and autogenerated password
4. Once the HAT is up and running (3-5 seconds), the user gets automatically logged in and presented with the HAT permissions screen (see pic)
5. Once permissions are granted, the user gets redirected through the OAuth process of each data plug provider (eg facebook) to setup data plug access into the HAT if the data plug have not yet been set up - if it has been set up, only the application’s permissions would be required
6. Upon finishing data access setup for all required providers, the user will be redirected back to the callback URL from step 2
7. `token` query parameter will also be added to the URL. The token will grant your application access to the imported data on that particular HAT
8. It’s a JWT token and it carries the information about that HAT domain to which the data was added (vendor field)
9. The data itself can then be retrieved from the data debit endpoint on that HAT (the request details are documented here: https://documenter.getpostman.com/view/110376/hat-rich-data-api-showcase/6YySZS7#f3f523f5-5f8c-f54b-6cd9-01eb6b6efa59). It needs to be kept in mind that for each user the domain will be different and needs to be adjusted based on information encoded in the token from step 7. The token itself is used for authentication and should be passed as a `X-Auth-Token` header.
10. The HAT owner will receive an email for him/her to claim his HAT within 7 days and a further email at the end of 7 days to inform him that the HAT will be deleted if unclaimed.
11. If the HAT owner claims his/her HAT, he will be prompted to change his password and set up his HAT in accordance with HAT platform security guidelines.