OpenTV ION
OpenTV ION
Breadcrumbs

Self-care portal integration guide

Introduction

This document explains how the web application integrates with the TV application via WebView.

It covers authentication payloads, communication protocols, and supported message events.

Integration flow

  1. TV app opens WebView.

  2. TV app injects authentication data along with additional information.

  3. Web page validates session.

  4. Web page sends events/messages to TV app.

  5. TV app performs native actions like reload/collapse.

Messages sent from web page → TV app

The TV app handles the messages received from web page. It expects a JSON string in a message with a key/value pair.

Recommended format:

'{"key":"value"}'

Message Key

Description

Payload

REFRESH_WEBVIEW

Refreshing the webView

'{"REFRESH_WEBVIEW":"TRUE"}'

COLLAPSE_WEBVIEW

Close the webView

'{"COLLAPSE_WEBVIEW":"TRUE"}'

ID_TOKEN_EXPIRED

Reload the webView with new id_token

'{"ID_TOKEN_EXPIRED":"TRUE"}'

Key navigation within WebView

The webpage should handle the user key navigation (TV remote) for navigating between the components and accessing them inside the WebView component.

Mandatory security requirements

  • Always use HTTPS

  • Never log auth tokens

  • Sanitize payloads

  • Token expiration handling

High-level design flow

Screenshot 2026-02-25 at 2.26.21 PM.png


WebView back key handling

Screenshot 2026-02-25 at 3.46.06 PM.png


WebView security and cache properties from ION

Feature

Affects Cookies

Affects Cache

Private Session

Platform

incognito

Clears all

Clears all

Yes

Android / iOS

cacheEnabled={false}

No

Disk only

No

Android / Limited iOS

cacheMode="LOAD_NO_CACHE"

No

Ignores HTTP cache

No

Android only

thirdPartyCookiesEnabled

Controls 3rd-party only

No

No

Android / Limited iOS

incognito

The incognito property creates a non-persistent WebView session.

Clears all cookies, cache, and localStorage when unmounted.

cacheEnabled

Disables WebView disk cache.

cacheMode="LOAD_NO_CACHE"

Ignores HTTP cache completely.

thirdPartyCookiesEnabled

Controls whether the WebView accepts third-party cookies (cookies set by a domain other than the main page).

Platform configuration changes

JSON
"selfCarePortal": {
    "enable": true,
    "portalUrl": "https://154.66.104.252:8095/iristvapp/index.html?boxId=30EB251A6FDF&template=iptv",
    "authenticationUrl": "",
    "sendIdTokenInQuery": true
}

Configuration

Description

enable

Shows the WebView only when enabled.

portalUrl

URL to be loaded in the WebView

authenticationUrl

URL used to retrieve the id_token

sendIdTokenInQuery

Determines how the id_token is passed to the WebView

sendIdTokenInQuery = true

The following parameters are sent as query parameters:

https://example.com?id_token=xyz&account_id=accountId&locale=en_GB

Parameter

Description

id_token

Authentication token used for authorization on the web page

account_id

Identifies the associated account.

locale

Identifies the selected locale in the TV app so that the web page can use the same locale.

Supported locale values:

  • "en_GB"

  • "fr_FR"

  • "es_ES"

  • "zh_SG"

  • "ar_AR"

sendIdTokenInQuery = false

The id_token is sent in the request headers. Note: only the id_token header key is configurable.

Sync Block