Multipass

Handling User Response

This sections explains how to recover and utilize the response you recieve from a successful Multipass connection.

Getting Familiar

The following screenshots are taken from our example application found here πŸ”—

We will use the live example application to demonstrate the response recieved and how to work with it.

Creating Connection

In the example application toggle the developer mode switch located at the top right of the app bar.

Dev Mode

Notice the User Response section, Signature Verification section, and Custom Template ID input as we will be working with these.

Firstly, input your custom template ID and API key (See App Links πŸ”— for reference). The example app will create your app link and which can be accessed in the top right Open button or in the mock selection Clover by selecting the connect button.

Dev Mode

Example Response

Your provided Webhook URL will recieve the following payload structure.

  root: {
    payload: {
      body: {
        login: "miroosama",
        public_gists: 0,
        twitter_username: null,
        created_at: "2017-10-03T02:26:45Z",
        company: null,
        blog: "",
        collaborators: 0,
        id: 32473240,
        html_url: "https://github.com/miroosama",
        node_id: "MDQ6VXNlcjMyNDczMjQw",
        url: "https://api.github.com/users/miroosama",
        organizations_url: "https://api.github.com/users/miroosama/orgs",
        repos_url: "https://api.github.com/users/miroosama/repos",
        hireable: null,
        location: null,
        type: "User",
        user_view_type: "private",
        following_url: "https://api.github.com/users/miroosama/following{/other_user}",
        avatar_url: "https://avatars.githubusercontent.com/u/32473240?v=4",
        total_private_repos: 9,
        following: 5,
        starred_url: "https://api.github.com/users/miroosama/starred{/owner}{/repo}",
        two_factor_authentication: true,
        followers_url: "https://api.github.com/users/miroosama/followers",
        owned_private_repos: 9,
        notification_email: null,
        email: null,
        received_events_url: "https://api.github.com/users/miroosama/received_events",
        subscriptions_url: "https://api.github.com/users/miroosama/subscriptions",
        gists_url: "https://api.github.com/users/miroosama/gists{/gist_id}",
        private_gists: 0,
        name: null,
        plan: {
          private_repos: 10000,
          collaborators: 0,
          space: 976562499,
          name: "free",
        },
        gravatar_id: "",
        bio: null,
        disk_usage: 133972,
        followers: 6,
        updated_at: "2025-07-02T15:11:56Z",
        public_repos: 292,
        site_admin: false,
        events_url: "https://api.github.com/users/miroosama/events{/privacy}",
      },
    },
    signature:
      "0xc901eb589a9b087fddc9f3669c55d96faf7b4a501b5ae690dee91107e5763f9946233b8e0cc87684a9e0d8b01bb3b4d95a08eeead725cf7a805051603a2a2ded1c",
    hash: "0x22f8df774e57c2a89708ea2b2f3f9d7637199539814ae62f8c6ed6470bbb33ea",
    message: `{
      "body": "{\\"login\\":\\"miroosama\\",\\"id\\":32473240,\\"node_id\\":\\"MDQ6VXNlcjMyNDczMjQw\\",...}",
      "cookies": {},
      "headers": {
        "access-control-allow-origin": "*",
        "access-control-expose-headers": "...",
        "cache-control": "private, max-age=60, s-maxage=60",
        "content-length": "1443",
        "content-security-policy": "default-src 'none'",
        "content-type": "application/json; charset=utf-8",
        "date": "Thu, 03 Jul 2025 11:30:35 GMT",
        "etag": "\"3896acb0affbfb96e050e6c79fc0dc6da36749939acc5d6f1d00a54c11715e42\"",
        "last-modified": "Wed, 02 Jul 2025 15:11:56 GMT",
        "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
        "server": "github.com",
        "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
        "vary": "Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With",
        "x-accepted-oauth-scopes": "",
        "x-content-type-options": "nosniff",
        "x-frame-options": "deny",
        "x-github-api-version-selected": "2022-11-28",
        "x-github-media-type": "github.v3; format=json",
        "x-github-request-id": "813D:2E77F8:21FF68D:22F2B59:686669D9",
        "x-oauth-client-id": "Ov23liqmohfBdEpL34Ii",
        "x-oauth-scopes": "read:user, user:email",
        "x-ratelimit-limit": "5000",
        "x-ratelimit-remaining": "4999",
        "x-ratelimit-reset": "1751545835",
        "x-ratelimit-resource": "core",
        "x-ratelimit-used": "1",
        "x-xss-protection": "0"
      },
      "status": 200,
      "url": "api.github.com/user",
      "url_params": {}
    }`,
    metadata: {
      randomId: "ix8md1xq",
    },
    _receivedAt: "2025-07-03T11:30:48.108Z",
  }

Assessing the Data

There are five keys of note:

  • Payload
  • Signature
  • Hash
  • Message
  • Metadata
  1. Payload is the response from the platform API.
  2. Signature, hash, and message are used to verify your notarization. Please see the Verification API πŸ”— for further instructions on how verify notarized data.
  3. As seen in Initiating App Links πŸ”— code example you are able to pass data to be accepted by your backend along with the user response.
Previous
The User Experience
Next
Message Hash Verification