
PlanetGraph Login+

Turn every sign-up and login into richer context for your product.

Instead of starting with a blank profile, connect your app to a living graph where PlanetGraph records relationships for future insights.

| Benefit | Regular Login / Sign up | PlanetGraph Login+ |
| --- | --- | --- |
| User information | Only what the login provider gives you (name, email, profile picture) | Rich context about the user and their relationships in the graph |
| Enrichment | Ask the user for more information or integrate with 3rd-party services | All-in-one: login / sign-up and enrichment are combined |
| Updates | Ask the user to update their information | PlanetGraph automatically updates user's information when it changes |
| De-duplication | Implement yourself | PlanetGraph automatically de-duplicates based on graph relationships |

Quick Start: Client-Side JavaScript

Use the hosted widget when you want to start PlanetGraph Login+ from inside your own app UI. The widget renders a PlanetGraph sign-in button and opens a PlanetGraph-hosted popup for the actual authentication flow.

<script
  src="https://planetgraph.ai/widgets/login-plus.js"
  data-app-id="APP_UUID"
  data-button-text="Sign in with PlanetGraph">
</script>

For single-page apps or custom UI, mount it explicitly and choose a result mode:

<div id="planetgraph-login"></div>
<script src="https://planetgraph.ai/widgets/login-plus.js"></script>
<script>
  PlanetGraphLogin.mount('#planetgraph-login', {
    appId: 'APP_UUID',
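    // Generated by your app for this login attempt and bound into the signed login_token.
    state: 'APP_GENERATED_STATE',
    resultMode: 'web_message',
    onSuccess(result) {
      // Demo output only: forward result.login_token to your backend for
      // verification before trusting person_id.
      console.log(result.person_id)
      console.log(result.login_token)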
    }
  })
</script>

Quick Start: Hosted Redirect

  1. Your app sends the user to https://planetgraph.ai/login_with?app_id=YOUR_APP_UUID&state=YOUR_STATE.
  2. The user signs up or logs in using their preferred provider.
  3. PlanetGraph fetches all the information it has on the user, subject to access policies, and links your app to the user.
  4. PlanetGraph redirects back to your specified callback URL with rich information on the user.

This hosted redirect flow remains supported. It is the simplest backend-oriented integration and requires a callback URL on the app node. It uses the same signed callback token as the JavaScript widget's default callback mode.

Managing Apps

Create and review PlanetGraph Login+ apps from the app dashboard. App definitions are graph nodes, so they can also be managed through the graph API.


App Node Properties

| Property | Required | Description |
| --- | --- | --- |
| name | Yes | Display name shown on the PlanetGraph Login+ page. |
| description | No | Short app description shown to the user before login. |
| logo_url | No | URL for the app logo displayed on the login page. |
| auth_methods | No | Allowed methods such as email, Google, and GitHub. Defaults to all methods. |
| permissions | No | Requested data permissions for the app. |
| allowed_origins | No | Browser origins allowed to start client-side JavaScript and web_message flows, such as https://client.example.com. |
| callback_url | No | URL on your server that receives the login result in hosted redirect or callback result mode. |

Callback

For callback result mode, PlanetGraph redirects the user's browser to your app's callback_url with an HTTP GET request. The callback data is sent as URL query parameters; no request body is sent.

If your callback URL already has query parameters, PlanetGraph preserves them and appends the login result parameters.

The optional state value is generated by your app before redirecting to PlanetGraph. PlanetGraph returns the same value in both the callback query string and signed token so your server can match the callback to the browser session that started the login.

| Query Parameter | Description |
| --- | --- |
| person_id | UUID of the PlanetGraph Person node for the authenticated user. |
| app_id | UUID of your PlanetGraph app node. |
| login_id | UUID of the logged_into edge for this login event. |
| auth_method | Authentication method used for this login. |
| state | Optional value supplied by your app and returned unchanged for callback/session matching. |
| login_token | Short-lived signed token your server should verify before trusting the callback. |

Security

Every callback includes a short-lived signed login_token. The token binds the Person ID, App ID, login ID, auth method, optional state, issue time, and expiration time to the callback so your server can confirm the login result came from PlanetGraph before trusting it.

Your callback handler should read the login_token and state from the callback query string, verify the token server-side, and confirm the returned state matches the browser session that initiated login before creating a session or updating local user data.

web_message mode sends the same signed login result to the opener window using postMessage. Use it for client-side personalization, prototypes, or flows that immediately forward login_token to your backend. Do not create a privileged or durable session solely from browser-delivered data.

POST /api/v1/login-with/callback-token/verify

Submit the login_token to verify the signature and expiration, then use the verified payload returned by PlanetGraph.
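
One way to apply the checks described in this section on the server, as an added example that is not PlanetGraph's own code. It assumes your app always sends a state value; the API host, the request body shape, the verified payload's field names, and the names verifyLoginToken, acceptLogin and session.loginState are assumptions made for illustration.

```javascript
// Server-side acceptance checks for a Login+ callback (added example).
// ASSUMPTIONS, not from the PlanetGraph docs: the API host, the JSON request
// body {login_token}, and verified-payload field names that mirror the
// callback query parameters.
const VERIFY_URL =
  'https://planetgraph.ai/api/v1/login-with/callback-token/verify';

// Ask PlanetGraph to check the token's signature and expiration.
async function verifyLoginToken(loginToken) {
  const res = await fetch(VERIFY_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ login_token: loginToken }), // assumed body shape
  });
  if (!res.ok) throw new Error(`token rejected: HTTP ${res.status}`);
  return res.json();
}

// Decide whether a callback may create a session. `query` is the parsed
// callback query string, `session` is this browser's server-side session,
// `verified` is the payload returned by verifyLoginToken().
function acceptLogin(query, session, verified, expectedAppId) {
  const expected = session.loginState; // stored before redirecting
  if (typeof expected !== 'string' || expected === '') {
    return { ok: false, reason: 'no login in progress for this session' };
  }
  if (query.state !== expected) {
    return { ok: false, reason: 'state does not match session' };
  }
  if (!verified || verified.state !== expected) {
    return { ok: false, reason: 'verified state does not match session' };
  }
  if (verified.app_id !== expectedAppId) {
    return { ok: false, reason: 'token issued for a different app' };
  }
  // Unsigned query values must agree with the signed payload.
  for (const key of ['person_id', 'app_id', 'login_id', 'auth_method']) {
    if (key in query && query[key] !== verified[key]) {
      return { ok: false, reason: `query ${key} differs from token` };
    }
  }
  // From here on, use only values from the verified payload.
  return { ok: true, personId: verified.person_id, loginId: verified.login_id };
}

// Express-style wiring (illustrative):
//   const verified = await verifyLoginToken(req.query.login_token);
//   const result = acceptLogin(req.query, req.session, verified, APP_UUID);
//   delete req.session.loginState; // state is single use
```

The same acceptLogin checks apply when a web_message flow forwards login_token and state from the browser to your backend.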

Endpoints

GET /api/v1/login-with/apps/{app_id}

Read public app metadata for the login page.

POST /api/v1/login-with/apps/{app_id}/complete

Complete an authenticated login and return either a callback redirect URL or a web_message payload.

POST /api/v1/login-with/callback-token/verify

Verify a signed callback token before trusting the login result.

GET /api/v1/login-with/apps

List apps owned by the current PlanetGraph account.

POST /api/v1/login-with/apps

Create an app node configured for PlanetGraph Login+.