Multipass
Handling User Response
This sections explains how to recover and utilize the response you recieve from a successful Multipass connection.
Getting Familiar
The following screenshots are taken from our example application found here π
We will use the live example application to demonstrate the response recieved and how to work with it.
Creating Connection
In the example application toggle the developer mode switch located at the top right of the app bar.
Notice the User Response section, Signature Verification section, and Custom Template ID input as we will be working with these.
Firstly, input your custom template ID and API key (See App Links π for reference). The example app will create your app link and which can be accessed in the top right Open
button or in the mock selection Clover
by selecting the connect button.
Example Response
Your provided Webhook URL will recieve the following payload structure.
root: {
payload: {
body: {
login: "miroosama",
public_gists: 0,
twitter_username: null,
created_at: "2017-10-03T02:26:45Z",
company: null,
blog: "",
collaborators: 0,
id: 32473240,
html_url: "https://github.com/miroosama",
node_id: "MDQ6VXNlcjMyNDczMjQw",
url: "https://api.github.com/users/miroosama",
organizations_url: "https://api.github.com/users/miroosama/orgs",
repos_url: "https://api.github.com/users/miroosama/repos",
hireable: null,
location: null,
type: "User",
user_view_type: "private",
following_url: "https://api.github.com/users/miroosama/following{/other_user}",
avatar_url: "https://avatars.githubusercontent.com/u/32473240?v=4",
total_private_repos: 9,
following: 5,
starred_url: "https://api.github.com/users/miroosama/starred{/owner}{/repo}",
two_factor_authentication: true,
followers_url: "https://api.github.com/users/miroosama/followers",
owned_private_repos: 9,
notification_email: null,
email: null,
received_events_url: "https://api.github.com/users/miroosama/received_events",
subscriptions_url: "https://api.github.com/users/miroosama/subscriptions",
gists_url: "https://api.github.com/users/miroosama/gists{/gist_id}",
private_gists: 0,
name: null,
plan: {
private_repos: 10000,
collaborators: 0,
space: 976562499,
name: "free",
},
gravatar_id: "",
bio: null,
disk_usage: 133972,
followers: 6,
updated_at: "2025-07-02T15:11:56Z",
public_repos: 292,
site_admin: false,
events_url: "https://api.github.com/users/miroosama/events{/privacy}",
},
},
signature:
"0xc901eb589a9b087fddc9f3669c55d96faf7b4a501b5ae690dee91107e5763f9946233b8e0cc87684a9e0d8b01bb3b4d95a08eeead725cf7a805051603a2a2ded1c",
hash: "0x22f8df774e57c2a89708ea2b2f3f9d7637199539814ae62f8c6ed6470bbb33ea",
message: `{
"body": "{\\"login\\":\\"miroosama\\",\\"id\\":32473240,\\"node_id\\":\\"MDQ6VXNlcjMyNDczMjQw\\",...}",
"cookies": {},
"headers": {
"access-control-allow-origin": "*",
"access-control-expose-headers": "...",
"cache-control": "private, max-age=60, s-maxage=60",
"content-length": "1443",
"content-security-policy": "default-src 'none'",
"content-type": "application/json; charset=utf-8",
"date": "Thu, 03 Jul 2025 11:30:35 GMT",
"etag": "\"3896acb0affbfb96e050e6c79fc0dc6da36749939acc5d6f1d00a54c11715e42\"",
"last-modified": "Wed, 02 Jul 2025 15:11:56 GMT",
"referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
"server": "github.com",
"strict-transport-security": "max-age=31536000; includeSubdomains; preload",
"vary": "Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With",
"x-accepted-oauth-scopes": "",
"x-content-type-options": "nosniff",
"x-frame-options": "deny",
"x-github-api-version-selected": "2022-11-28",
"x-github-media-type": "github.v3; format=json",
"x-github-request-id": "813D:2E77F8:21FF68D:22F2B59:686669D9",
"x-oauth-client-id": "Ov23liqmohfBdEpL34Ii",
"x-oauth-scopes": "read:user, user:email",
"x-ratelimit-limit": "5000",
"x-ratelimit-remaining": "4999",
"x-ratelimit-reset": "1751545835",
"x-ratelimit-resource": "core",
"x-ratelimit-used": "1",
"x-xss-protection": "0"
},
"status": 200,
"url": "api.github.com/user",
"url_params": {}
}`,
metadata: {
randomId: "ix8md1xq",
},
_receivedAt: "2025-07-03T11:30:48.108Z",
}
Assessing the Data
There are five keys of note:
- Payload
- Signature
- Hash
- Message
- Metadata
- Payload is the response from the platform API.
- Signature, hash, and message are used to verify your notarization. Please see the Verification API π for further instructions on how verify notarized data.
- As seen in Initiating App Links π code example you are able to pass data to be accepted by your backend along with the user response.