Introduction
With our anonymous token system, we allow users to use our paid ad-free service without us being able to link searches to the users' key. Tokens are withdrawn from the key using a blind signature scheme similar to that of GNU Taler. The blinded tokens are then saved on the users' device and redeemed when needed.
The token system requires usage of the mobile app or webextension (or a compatible third-party implementation).
Protocol (MetaGer Usage)
This should contain all that's needed to implement a user agent implementation able to use our token system. Feel free to contact us.
Tokenauthorization Cookie
In order to use the token system, the user agent needs to set a cookie named "tokenauthorization" which signifies the key's current fill level (because the MetaGer server can't know it). This is used to show key status in the user interface.
| Cookie Value | Number of Tokens in Key Remaining |
|---|---|
| empty | 0 |
| low | 30 or less |
| full | over 30 |
If this cookie isn't set, the token system will not work.
Token Cost
When answering an initial MetaGer search query, the server will set a "cost" cookie if it detects a tokenauthorizsation cookie in the request. It will also redirect to the url from with to receive the actual search results.
The cookie contains the required number of tokens for the current search. A matching number of valid tokens needs to be sent during the request to the redirect target.
Sending Tokens
Tokens are sent via the "tokens" http header. They are encoded as a JSON array of objects containing the token components. Those have to be retrieved from our key server.
[
{
"token": <TOKEN>,
"signature": <SIGNATURE>,
"date": <DATE_AS_SUPPLIED_IN_TOKEN_PUBKEY>,
}
...
]MetaGer Key in Cookies
When using the token system take care not to also transmit a MetaGer key with your request cookies. The MetaGer server will use the key if it is sent.
Extraneous Tokens
If more tokes are sent than required for a search the server will set a "tokens" cookie that contains those unused tokens. We strongly recommend reading those from the cookie and deleting it afterwards.