How to Create Deep Links with DyLy
DyLy is a service that shortens URLs and makes it easy to create deep links.
This article explains how to efficiently create deep links with DyLy.
What Is a Deep Link
A deep link is a mechanism that opens an app directly instead of the browser when the link is accessed. If the app is not installed, it can send users to the app store and open the specified page after installation.
Apple officially supports a seamless transition from browser to app with Universal Links, and Google offers a similar experience with Android App Links. As explained in the Apple Universal Links guide and the Google Android App Links documentation, deep links not only improve user experience but also contribute to better security and conversion rates.
Use Cases
Deep links have many ways to be leveraged.
Direct Links to Content such as Videos
You can share links on social media and take users straight to specific content. While this is normal on the web, deep links let mobile apps open in-app content directly. You can also attach query parameters to track metrics such as which channel users came from.
Invitation Links
Deep links can invite someone to a group or similar space within an app. When recipients click the link, the app opens and the invitation process begins. If the app is not installed, users are guided to the app store, and after installation the invitation flow can resume.
Redirects
When designating an app as the redirect destination for OAuth or similar flows, one option is to use a custom scheme (such as myapp://), but that may expose you to data interception. Instead, you can receive the redirect in your app via a deep link.
Implementation
Let us walk through how to implement deep links in practice. There are many services that create deep links, but we will use DyLy here.
Create Metadata
You need to associate your domain with your application. For details, refer to the Apple documentation and the Google documentation. In short, you host an endpoint on the web that proves domain ownership and links it to your application so Apple and Google can verify the relationship.
All you have to do is return JSON in the prescribed format. You could host it yourself on something like S3, but DyLy also provides a feature that makes this easy.
DyLy can create what it calls a JSON link, which simply returns the JSON you specify at the linked destination. You can send a request like the following via the API.
1curl -X POST "https://dyly-api.lilacwells.com/url/api/v1/links" \2 -H "Authorization: Basic ${YOUR_CREDENTIALS}" \3 -H "Content-Type: application/json" \4 -d '{5 "type": "json",6 "projectId": "your-project-id",7 "path": ".well-known/apple-app-site-association",8 "rawJson": {9 "applinks": {10 "apps": [],11 "details": [12 {13 "appIDs": ["TEAM123.com.example.app"],14 "paths": [15 "NOT /_/*",16 "NOT /deferred-params",17 "/*"18 ]19 }20 ]21 }22 }23 }'App-Side Configuration
Next configure your apps according to each OS.
iOS
In Xcode, add Associated Domains under Signing & Capabilities and register the domain, for example applinks:example.com.
Android
Add <intent-filter android:autoVerify="true"> to AndroidManifest.xml and validate the domain with android:autoVerify.
When accessed through a browser, you can configure the link to redirect to any URL you like.
Create the Link
Finally, create a link in DyLy.
Setting type to deep creates a deep link as shown below.
1curl -X POST "https://dyly-api.lilacwells.com/url/api/v1/links" \2 -H "Authorization: Basic ${YOUR_CREDENTIALS}" \3 -H "Content-Type: application/json" \4 -d '{5 "type": "deep",6 "projectId": "your-project-id",7 "path": "groups/awesome-group",8 "destinationUrl": "https://apps.apple.com/app/yourapp/id123456",9 "jwtClaims": {10 "invitationId": "inv-789xyz",11 "invitedBy": "user-123",12 "groupId": "awesome-group",13 "groupName": "Awesome Group",14 "permissions": "member",15 "timestamp": 173589440416 },17 "jwtExpiresIn": 300,18 "expiresIn": 2592000,19 "keyProtected": false,20 "oneTime": false21 }'The values placed in jwtClaims are embedded in the JWT, so handle them carefully.
Once the deep link is created, DyLy generates a link that appends a JWT as a query parameter.
Handling the Link Inside the Application
After a user clicks the link you created, the application will receive it. Process it using the steps below.
Verify the JWT
Confirm that the link was genuinely issued by DyLy.
Before that, let us briefly review what a JWT is. A JWT is, simply put, JSON with a signature. By validating the signature, you can verify the issuer and ensure the payload has not been tampered with.
Anyone can create links, so you must distinguish non-genuine ones. Official links are signed with DyLy's private key, and your app can verify the signature to confirm the link is legitimate and that the payload remains intact.
DyLy adopts the widely used JWT technology so you can rely on existing JWT libraries for signature validation.
Therefore, the application should first verify the JWT when it receives the link.
Check the Parameters
Once the signature is verified, extract the payload and perform the necessary actions.
For invitation links, for example, you would read the group ID or similar identifiers.
Note that while JWTs have signatures, their contents are not encrypted (there are encrypted JWTs, but that is a different format).
This means anyone can read the payload of the JWT. Do not store sensitive information, such as personal data, in the JWT. For an invitation link, keep only identifiers like the group ID in the token and store detailed information on the server side.
Deferred Deep Link
When a user clicks the link on a device where the app is not installed, they are redirected to the app store, and after installation they can open the deep-linked page. This is called a deferred deep link. DyLy can implement this as well.
First, a user taps the link on a mobile device without the app installed. Because the app is missing, the link executes in the browser and reaches DyLy's servers. DyLy records information such as the device's IP address and OS, then redirects the user to the app store.
When the app launches for the first time after installation, it asks DyLy whether that device accessed the link beforehand. DyLy checks the request's IP address and OS information to determine if there was a pre-install access and, if so, returns the corresponding deep link to the application.
In this way, the app can retrieve the deep link information during the initial launch after installation.
For more details, refer to DyLy's official documentation.
Summary
DyLy makes it straightforward to implement deep links. Next time we will dive deeper into building invitation links and other concrete scenarios.
