Mobile and Desktop apps

As described in the authentication section, the login flow ends with a redirect to your registered redirect_url with the request_token after a successful login. When this redirect end point is a web application, it is easy to get the token and exchange it for an access_token. When it's a desktop or a mobile application without a server backend, the approach is different.

Similar to how Google and Facebook authentication flows work on mobile apps, you will need to open a webview (browser view) component from within your application pointing to the login url. The entire login flow will happen within this webview. As it's an in-app component, you will have a certain level of control over it, including reading the current location (URL) of the component. It is then possible to monitor location changes using a change event or a poll timer to determine when the redirect happens, and extract the request_token from the URL.

Note

Don't forget to enable cookie (and 3rd party cookie) support in your webview or the login may not work.

In essence:

  • Register a redirect_url with us when you apply for your API credentials. This can be a blank page even. Eg: https://yoursite.com/kite-redirect. For personal desktop apps, you can run a local web server and use 127.0.0.1 as the redirect_url's' host.
  • Start the login flow by opening an webview component within your desktop or mobile application https://kite.trade/connect/login?api_key=xxx
  • From within your application, monitor changes in the URL of the component as the login happens
  • When the URL changes to https://yoursite.com/kite-redirect?request_token=yyy&status=zzz, extract the request_token and status_from the URL and close the webview component.