Build the pull request structure to receive and respond to requests for access to your user identity system.
Livefyre issues a Pull request to your endpoint URL.
For example, if your Pull endpoint URL is:
https://example.yoursite.com/some_path/?id={id}
the Livefyre Pull request to this endpoint will be:
https://example.yoursite.com/some_path/?id={id}&lftoken={UserAuthToken}
where lftoken
is a JSON Web Token signed with your network key, and {userAuthToken} is the user auth token generated by Livefyre.
Use lftoken
to validate that requests to your Ping for Pull URL were sent by Livefyre and not a malicious agent.
For all incoming requests:
Ensure that the lftoken
query string is present on the request.
Use the validateLivefyreToken
method in the Livefyre libraries to ensure that lftoken
was signed with your Network Key.
If lftoken
is not present, or fails validation, do not allow your endpoint to respond with profile information. Instead, respond with a 403 (Forbidden) status code and no response body.
userAuthToken
is generated by the Livefyre buildUserAuthToken
method for the user, with user id “system”. This user is the first user created for every new network.