Documentation Index
Fetch the complete documentation index at: https://guide.cloud.blnkfinance.com/llms.txt
Use this file to discover all available pages before exploring further.
This feature is in private beta. If you want access, please contact Support.
What your codebase needs
A Custom App usually has four core parts:| Part | What it does |
|---|---|
| App routes | Endpoints that Blnk Cloud can call during install, uninstall, and launch. |
| Persistent storage | A database or store for saving app install data. |
| Backend logic | Server-side code that calls Blnk Cloud APIs and any external services your app needs. |
| App portal | The user-facing page (UI) that opens inside the Blnk Cloud dashboard. |
Set up app routes
Your app needs routes that Cloud can call to install, uninstall, and launch your app. You can name the routes however you want. The important thing is that each route exists and returns a response.| Route type | Example route | What it does |
|---|---|---|
| Install and uninstall callback | POST /api/callback | Receives install and uninstall events from Blnk Cloud. |
| Portal generator | POST /api/portal | Creates a short-lived portal URL when a user launches the app. |
routes.ts
Store app install data
When a user installs your app, Blnk Cloud sends installation details to your callback route. Your app needs a persistent place to store that data because it will need it later when the app is launched or when it makes API calls.Note: You can use any database you want. For our KYC example, we’ll go with a simple SQLite instance.
| Field | Why you need it |
|---|---|
installed_app_id | Identifies this specific app installation. |
app_id | Identifies the app that was installed. |
organization_id | Tells you which organization installed the app. |
instance_id | Tells you which Cloud instance the app should work with. |
api_key | Lets your backend call Cloud APIs for this installation. Store it encrypted. |
api_key_prefix | Helps you identify the key without exposing the full secret. |
granted_permissions | Tells your app what the user allowed it to do. |
status | Tracks whether the install is active or uninstalled. |
Security and best practices
Custom Apps receive scoped access to a Cloud instance during installation. Design your app so that access is stored safely, used only on the server, and checked before every action.-
Keep the API keys on the server: The
api_keyfrom the install payload should only be used by your backend. Do not expose it in browser code, local storage, cookies, portal URLs, client-side responses, or logs. - Let your backend call Cloud: When the app portal needs data, it should not make requests to Blnk directly. Instead, it should call your backend first, then your backend speaks to Blnk.
-
Encrypt API keys at rest: Store the full
api_keyencrypted. You can storeapi_key_prefixin plain text because it only helps identify the key. Do not use the prefix to authenticate requests. -
Use short-lived portal sessions: When Cloud launches your app, return a fresh
portal_url. Do not return a permanent URL that always opens the app. If a session expires, ask the user to launch the app again from Cloud. -
Sign portal sessions: Use a
SESSION_SECRETto sign portal sessions. -
Check permissions before actions: Store
granted_permissionsfrom the install payload. Before your app performs an action, check that the required permission was granted. For example, an app with onlydata:readshould not perform write actions. -
Validate the install before launch: Before creating a portal session, confirm that the install exists, is active, and matches the
organization_idandinstance_idin the request.
Run the example KYC app
Open the demo repository and follow its README to run the KYC example app this documentation is built around.