
How it works

When a user clicks a link on the Marketplace or your Integration, we will append a parameter to the URL containing a JWT (JSON Web Token). This token can then be used on the gated store to check whether the user is verified to see the discounts. This token is signed by us, which means:
  • It cannot be tampered with
  • It is valid for 5 minutes, meaning it cannot be shared around
  • It contains information about the user so that we can check they are verified with Student Beans

Steps to set up

  1. Create a page with discounted products that you want verified users to get access to
  2. Block access to this page (directions below)
  3. Give your Pion contact the URL of the gated page
  4. Pion will set up your gated discount with the URL you provided

How to gate your page

  1. We will send users to the page you created with a query string parameter named t, which contains the token as a JWT. For example, in the URL below:
    https://educationstore.com/shop?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

    This is the JWT. It’s everything that appears after the ‘t=’:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJyZXR1cm5fdXJsIjoiaHR0cHM6Ly93d3cuc3R1ZGVudGJlYW5zLmNvbS8ifQ.hOeZ49y1J_nv1ZpOmhm1JVLzLBm0BUgaZ8ywx_dxaEU
  2. You’ll need to extract the token from the query string.
  3. Use this token to send a request back to Student Beans so we can validate it. Below is an example curl request:
curl -X POST \
  https://graphql.studentbeans.com/graphql/v1/query \
  -H 'Content-Type: application/json' \
  -d '{
    "query": "mutation VerifyJwt($input: VerifyJwtInput!) { verifyJwt(input: $input) { valid } }",
    "variables": {
      "input": {
        "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
      }
    }
  }'
  4. You will then receive one of two responses from us, both with status code 200, so the response body, not the HTTP status, tells you whether the token is valid.
Valid response (user receives access to page):
{
  "data": {
    "verifyJwt": {
      "valid": true
    }
  }
}
Invalid response (user doesn’t gain access to page):
{
  "data": {
    "verifyJwt": null
  },
  "errors": [
    {
      "message": "Invalid token",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "verifyJwt"
      ]
    }
  ]
}
If an invalid response is given, the user should be redirected back to the offer in order to regenerate a valid token. This can be done following the steps below:
  1. Decode the JWT
  2. Redirect the user to the return_url field
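
The decision and redirect logic described above, as an added example that is not Student Beans' or Pion's own code. Because a token that failed verification is unsigned input, its return_url is checked against an allowlist before redirecting. The function names, the allowed host (taken from the sample token on this page) and the fallback URL are assumptions.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumptions: the host comes from the sample token's return_url on this page,
# and the fallback is the example store host; replace both with your own values.
ALLOWED_RETURN_HOSTS = {"www.studentbeans.com"}
FALLBACK_URL = "https://educationstore.com/"


def is_verified(response_body):
    """True only for the documented valid response. Both outcomes arrive
    with HTTP 200, so the decision rests on the body, never the status."""
    try:
        body = json.loads(response_body)
    except (TypeError, ValueError):
        return False
    if not isinstance(body, dict) or body.get("errors"):
        return False
    data = body.get("data")
    result = data.get("verifyJwt") if isinstance(data, dict) else None
    return isinstance(result, dict) and result.get("valid") is True


def unverified_return_url(token):
    """Decode the payload segment WITHOUT any signature check and return
    its return_url claim, or None. The value is untrusted input."""
    try:
        segment = token.split(".")[1]
        padded = segment + "=" * (-len(segment) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        url = claims.get("return_url")
    except (AttributeError, IndexError, ValueError):
        return None
    return url if isinstance(url, str) else None


def redirect_target(token):
    """Where to send a user whose token failed verification: the token's
    return_url if it is https on an allowed host, else the fallback."""
    url = unverified_return_url(token)
    try:
        parts = urlsplit(url or "")
        if parts.scheme == "https" and parts.hostname in ALLOWED_RETURN_HOSTS:
            return url
    except ValueError:
        pass
    return FALLBACK_URL
```

Grant access only when is_verified returns True for the body of the verifyJwt response; in every other case send the user to redirect_target(token).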