Logo

Architecture

How the Shop boots from a signed URL and the partner trust boundary.

The Shop boots from a signed URL. The partner's backend holds the secret and signs the handshake; the partner's app/frontend never sees the secret.

Authentication Flow — Sequence Diagram
End UserPartner AppPartner BackendBluecom ShopBluecom Auth1Tap "Buy eSIM"2Request handshake token3HMAC-SHA256(secret, userId:ts)4{ token, userId, timestamp }5Open Shop URL + params6POST /provider/signin7Verify HMAC ±5 min8Session cookie (httpOnly, 24h)9Renders branded storefront

Trust boundary

ComponentHolds secret?Talks to
Partner backendYesPartner app only
Partner app/frontendNoPartner backend, Shop URL
Bluecom Shop (browser/webview)NoBluecom Auth
Bluecom AuthVerifies HMACInternal

See Authentication for the full token contract.

Overview

What Bluecom eSIM Shop is and how the pieces fit together.

Onboarding

From signed agreement to staging-ready in ~5 business days.

On this page

Trust boundary