Before you start
Before we get you started with the SDK integration, there are a couple things we need to let you know. Batch can work in two modes:
- Fully secure mode
Where Batch runs on the same origin as your website.
- Plain HTTP or multidomain mode
Where Batch runs on its own subdomain.
Please read carefully the requirements of each mode before choosing one. Migrating between the two modes is not possible. You will have to collect the notification permission and tokens from scratch.
Are you in a hurry?
Does HTTPS and TLS have no secret for you and your website?
Great, you can skip straight to the integration, which will be done in what we call the "Fully secure mode".
In order to use the fully secure SDK properly, you need to make sure of three things:
All your webpages are served from the same subdomain
For example, you shouldn't serve your website on both
https://batch.com, but rather make it so any request on the www. sub domain redirects to the root domain.
If you can't deal with that, you need to use the HTTP/Multidomain mode, as notification permissions and subscriptions are limited to the exact subdomain the user is on (you might know this as the "Origin").
All your visitors trying to come on the http version of your website should be redirected on the appropriate https page. HSTS can help with that.
Your site is fully secure, and does not serve mixed content. Simply look for the green padlock in your browser's address bar.
On the other hand, if your website looks like that:
you should either try to fix this issue (Chrome will tell you what's wrong in the "Security" tab of the Inspector), or switch to the HTTP mode.
Do not hesitate to contact our support team if you're unsure about which SDK to use.
If for any reason you cannot use the secure mode, here is a list of the disadvantages you need to be aware of:
- Subscribing to notifications will be more tedious:
Users will have to allow notifications in a popup, which has a negative impact on opt-in rates.
They will also be more frustrated if they want to disable notificaitons, since this will have to be done in a popup too.
<your_app>.via.batch.comwill appear on received notifications, potentially confusing the user.
- Tokens will be granted for the
<your_app>.via.batch.comsubdomain, making them unusuable with another provider.
These limitations are because the Push API does not work on unsecure websites. To work around this limitation, we add an invisible iframe to our secure subdomain in your webpage.
Great! The good news is that the SDK will autodetect what mode is needed in most cases. If you need multi-subdomain support or serve mixed content, you will have to force the HTTP/Multidomain mode yourself: It will be covered in the next page.