Secure Redirect Quickstart Guide
Nova Credit provides a "Secure Redirect" feature, which allows you to send consumers from your application to a Nova Credit-hosted page to complete NovaConnect. When they finish, they are automatically redirected to a URL you specify so they can continue your application flow.
This document provides information on how to interact with the Nova Credit API to use the Secure Redirect functionality. For more general information about the Nova Credit APIs, view your corresponding quickstart guide.
Where to configure Secure Redirect Beta
To enable and configure Secure Redirect functionality, please contact your Nova Credit Representative. Our support team will assist you in setting up the necessary configurations to use this functionality.
OpenAPI Specification
Nova Credit Secure Redirect API documentation is available as an OpenAPI Specification you can download using the link below.
How to redirect the consumer to Nova Credit
Step 1: Generate a secure redirect link
Call the POST /secure-redirect endpoint to generate a secure redirect link. See the OpenAPI Specification above for request and response details.
Step 2: Send the consumer to Nova Credit
To redirect the consumer in the same tab, use the redirectUrl from the secure redirect endpoint response body with one of the following JavaScript methods:
window.location.replace(redirectUrl);
window.location.href = redirectUrl;
To redirect the consumer via form POST, we recommend setting up a hidden form with action set to the returned redirectUrl, an input with name set to token, and value set to the returned redirectToken. Then use JavaScript to submit the form so the consumer is redirected to Nova Credit.
<form id="redirect-form" method="POST" action="{redirectUrl}">
<input type="hidden" name="token" value="{redirectToken}" />
</form>
document.getElementById('redirect-form').submit();
How Nova Credit will redirect the consumer back to your application
When the consumer finishes NovaConnect, they are redirected either to the dynamic completeUrl you provided in the POST /secure-redirect request body or to the static completeUrl configured on your account if no dynamic URL was provided.
The completeUrl parameter supports a [token] placeholder to indicate where the signed JWT with the widget outcome will be placed. The signed JWT contains the following header and payload claims:
Header claims
- alg [string]: Algorithm used to sign the JWT.
- kid [string]: Identifier of the JWK used to sign the JWT. Use this value to fetch the corresponding JWK from the GET /jwkset endpoint and verify the JWT signature.
Payload claims
- publicToken [string]: The unique identifier for the consumer's report. Use this to retrieve the report via the existing API.
- outcome [string]: The widget outcome at the time of the redirect. Possible values: SUCCESS, EXIT, ERROR.
- status [string]: The visit status at the time of redirect. Available when outcome is SUCCESS.
- error [string]: The widget error. Available when outcome is ERROR.
- redirectArgs [string]: The value passed in the redirectArgs field during the POST /secure-redirect request.
- iat [string]: Issued-at timestamp (standard JWT claim).
- exp [string]: Expiration timestamp (standard JWT claim).
Nova Credit supports two redirect mechanisms: GET and form POST.
If your account is configured to use GET redirect and completeUrl is set to https://www.yourdomain.com/path?jwt=[token], the consumer is redirected to your application with:
- HTTP method: GET
- URL: https://www.yourdomain.com/path?jwt=eyJhbGciOiJSUzI1NiIsImtpZCI6InBheWxvYWRTaWduUnNhIiwidHlwIjoiSldUIn0.eyJpYXQiOjE3NzkzMDgxMTMsImV4cCI6MTc3OTMwODcxMywib3V0Y29tZSI6IlNVQ0NFU1MiLCJzdGF0dXMiOiJQRU5ESU5HIiwicHVibGljVG9rZW4iOiIyODQ0MDYxOS02ZDYwLTRmY2QtYTM1OS03ZGNhYWZjY2NhYTUiLCJyZWRpcmVjdEFyZ3MiOiJhcmdzLXlvdS1wcm92aWRlZCJ9.dU1IpxqUd5JUAW7up7lJ2CA7P_B_RLXzUdPerNQqUNYJuxegZXK87vj11teY9emM2Xs5M2t8rQx0MTMv640c_MYJSENXylwImsqy37vseVOaiZmUdEoCQX7ihynVPFobmxPWkPNe66OTS9lu8Y9_8CQmNSFx1j9gXLdnVtdtXDfMEAoORR_-5v9QvXuRWrferEvyDGGPc3eyc2ayyU0AFILmvIq8TOc90vAgWevHp-y_WBKWs8aUqBhfoFoDYN_Gr8h3YQs3jav2rJDdL46b6sV94_DHkgkc2zb0CMVhhLEgVkMHs2wY9N8DUgtmqLc2vfOCyLXws6eVHKhSQ5S6PA
- Request body: None
If your account is configured to use form POST redirect and completeUrl is set to https://www.yourdomain.com/path, the consumer is redirected to your application with:
- HTTP method: POST
- URL: https://www.yourdomain.com/path
- Request body (JSON with a single token field containing the signed JWT):
{
"token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InBheWxvYWRTaWduUnNhIiwidHlwIjoiSldUIn0.eyJpYXQiOjE3NzkzMDgxMTMsImV4cCI6MTc3OTMwODcxMywib3V0Y29tZSI6IlNVQ0NFU1MiLCJzdGF0dXMiOiJQRU5ESU5HIiwicHVibGljVG9rZW4iOiIyODQ0MDYxOS02ZDYwLTRmY2QtYTM1OS03ZGNhYWZjY2NhYTUiLCJyZWRpcmVjdEFyZ3MiOiJhcmdzLXlvdS1wcm92aWRlZCJ9.dU1IpxqUd5JUAW7up7lJ2CA7P_B_RLXzUdPerNQqUNYJuxegZXK87vj11teY9emM2Xs5M2t8rQx0MTMv640c_MYJSENXylwImsqy37vseVOaiZmUdEoCQX7ihynVPFobmxPWkPNe66OTS9lu8Y9_8CQmNSFx1j9gXLdnVtdtXDfMEAoORR_-5v9QvXuRWrferEvyDGGPc3eyc2ayyU0AFILmvIq8TOc90vAgWevHp-y_WBKWs8aUqBhfoFoDYN_Gr8h3YQs3jav2rJDdL46b6sV94_DHkgkc2zb0CMVhhLEgVkMHs2wY9N8DUgtmqLc2vfOCyLXws6eVHKhSQ5S6PA"
}
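The token arrives through the consumer's browser, so your server should verify it before acting on outcome or publicToken. The following is an added example, not Nova Credit's code, of the verification described under "Header claims" using Node's built-in crypto module. Assumptions: GET /jwkset returns a standard JWK Set ({ keys: [...] }), the algorithm is RS256 as in the sample token's header, redirectArgs is used to bind the redirect to the session that started it, and the names verifyRedirectToken, makeDemo and outcomeOf are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// jwks: parsed body of GET /jwkset; the { keys: [...] } JWK Set shape is an assumption.
// expectedArgs: the redirectArgs value your server stored when it called POST /secure-redirect.
function verifyRedirectToken(token, jwks, expectedArgs, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decodeJson(h);
  // Pin the algorithm rather than trusting the header, so "none" or HMAC tokens are refused.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decodeJson(p); // claims are only read once the signature has verified
  const exp = Number(claims.exp);
  if (!Number.isFinite(exp) || exp <= nowSec) throw new Error('token expired');
  if (!['SUCCESS', 'EXIT', 'ERROR'].includes(claims.outcome)) throw new Error('unknown outcome');
  if (claims.redirectArgs !== expectedArgs) throw new Error('redirectArgs mismatch');
  return claims;
}

// Constructed demo data: a throwaway local RSA key stands in for Nova Credit's signing key.
function makeDemo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const sign = (header, claims) => {
    const input = `${enc(header)}.${enc(claims)}`;
    const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
    return `${input}.${sig.toString('base64url')}`;
  };
  return { jwks, sign };
}

// Returns the verified outcome, or the reason the token was rejected.
function outcomeOf(token, jwks, expectedArgs, nowSec) {
  try {
    return verifyRedirectToken(token, jwks, expectedArgs, nowSec).outcome;
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}
```

In production, cache the fetched JWK Set and refetch it when a token presents a kid you have not seen.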