Personalization implementation for mobile apps with authorization
- mobile app has registration with log-in and log-out functionality
- (optional) mobile app has user sessions (logged-in user session expires after some time)
- backend handles authorization process - your platform contains unique IDs of end users
- you use Infobip's web portal or push API for targeting users over push by their unique IDs or by tags / segments they belong to
Every installation of the mobile app generates a new push registration ID. This ID should be linked to a unique person ID when an authorize/register/log-in API call is made from the mobile app to your backend.
-
Subscribe to
registrationUpdatedevent and wait for its invocation -> that's the time when library gets connected to Infobip's backend (push registration ID is generated) -
When a user successfully performs registration / log in -> you need to implement
personalizecall with the parameterforceDepersonalize = falseover mobile app or backend API. In this case, it is assumed that until the moment of login a device was owned by an anonymous person; there was no authorization session in the application. Thepersonalizecall adds unique ID and additional information to the user profile.In case your app has a scenario when a user can log in to their account while the app still has a session with another user, you need to link that device to a new person, and, simultaneously, unlink a device from a previous person. So, when a user performs registration / login and user's ID is different from what was connected to the device -> you need implement
personalizecall with the parameterforceDepersonalize = trueover mobile app or backend API. -
When user performs an explicit log out -> implement
depersonalizecall over mobile app or backend API. The depersonalize call detaches user data (IDs and other personal data) from a device and connects it to an anonymous profile. -
For applications with user sessions, keep the user's device personalised while a user's session has not expired. That will keep the possibility of sending messages targeted to the user. Also, when an authorised user with active session updates application with Infobip SDK for the first time, you need to personalize that device and link it to the authorised user. For that listen to the
registrationUpdatedevent and, once it comes, performpersonalizecall with the parameterforceDepersonalize = trueover mobile app or backend API. When a user session has expired and another user might use the app -> calldepersonalizeover mobile app or backend API to avoid sending messages targeted to the previous user.
Our Mobile Messaging SDK, together with the Infobip Customer Data Platform (CDP) connects multiple devices logged in / personalized with the same User ID to the same persona. Once you implement the above-mentioned flow, push notifications sent to a user by default will be targeted to all devices connected to that person. However, you can set a device as Primary to send mobile push notifications to primary devices only.
To target a single primary device of a person using a unique ID, set at least one device as Primary over mobile app or backend API.
When sending a mobile push over the Send push API, set the parameter targetOnlyPrimaryDevices: true.
In case you would like to restrict updates of personal data or access to it from mobile app, and have enabled limitations on Application profile, use only banked API calls in recommended flow, described above. This approach is recommended for financial organisations and other apps operating with sensitive data. Below is a diagram describing the implementation for user identification and device management over backend.
