Last updated: 2026-02-16
This document explains how to integrate with a GET-style backend for:
- account linking
- session authentication
- barcode payload retrieval
- balance-drop-driven fulfillment confirmation
This is intentionally implementation-agnostic so it can be reused for a clean rebuild.
Most GET integrations expose logical service groups:
authenticationusercommerce
Calls are usually JSON-based RPC-style methods, not REST resources.
A generated deviceId + PIN pair owned by your app and tied to the user’s GET account.
A raw string from GET that is rendered into a PDF417 barcode on the client.
- User completes GET validation flow and provides a validated URL or token.
- Backend extracts a session identifier from that URL/token.
- Backend creates device credentials in GET.
- Backend verifies those credentials by authenticating once.
- Backend stores device credentials encrypted at rest.
- Backend authenticates with GET using device credentials.
- Backend receives a short-lived session token.
- Backend uses that session for downstream GET calls.
- Backend caches session briefly and refreshes on expiry/error.
For demos/testing, bypass stored credentials and supply temporary auth per request:
- session token / validated URL directly, or
- deviceId + PIN headers
No persistent credential storage is required in demo mode.
Common RPC envelope pattern:
- Request body:
method+params - Response body: either
responseorexception
Integration best practices:
- treat
exceptionas a typed error - normalize external errors into internal categories
- retry only transient failures
Use consistent error buckets:
authentication_error: invalid/expired credentialsauthorization_error: user not allowed to access resourcetransient_upstream_error: timeout/temporary failurevalidation_error: malformed inputsinternal_error: unexpected server issue
Recommended defaults:
- retry transient upstream errors only
- 2-3 retries max
- short exponential or linear backoff
- no retries for validation/auth failures
- Backend requests current barcode payload from GET.
- Client receives payload string.
- Client renders payload as PDF417.
- Client supports:
- manual refresh
- auto-refresh timer
- visible "last fetched" timestamp
The integration may call this “QR” in product language, but payload rendering is PDF417.
Typical flow:
- Donor accepts request in code fulfillment mode.
- Backend records code issue time and expiry.
- Requester opens scan screen and polls for scan state.
- Backend returns one of:
active(payload available)completedunavailable
- On first successful code display, backend captures a baseline balance.
- On subsequent polls, backend reads current balance and compares it to baseline.
- If balance has dropped, request is marked as completed.
Notes:
- Balance drop detection should be tied to the expected account/tender scope.
- This approach avoids transaction-history dependencies but can produce false positives if unrelated spending occurs during the scan window.
GET /get/status- linked state, default mode, last validation
POST /get/connect- link account using validated URL/token
POST /get/disconnect- unlink account and revoke remote device when possible
GET /get/barcode- fetch latest payload for rendering
GET /get/testing(optional)- diagnostics endpoint for accounts, payload, and balance monitoring
- store GET secrets only server-side
- encrypt credentials at rest with authenticated encryption
- rotate encryption key with migration strategy
- never log raw deviceId, PIN, or session token
- strictly separate demo mode and production mode
- rate-limit auth and scan endpoints
Track at minimum:
- GET auth success/failure rate
- barcode fetch latency/error rate
- balance-read latency/error rate
- fulfillment completion lag
- retry counts and final failure causes
- Credential encryption and key management finalized.
- Auth/session retry policy validated under load.
- Scan-state logic tested for false positives/duplicates.
- Feature flags in place for safe rollout.
- Audit logs and alerting configured.