# Authentication payload

Once the **APP** receives the request confirmation (`auth_wait` and `uuid`), it should tell the user to start its **PKSA** to approve or reject the authentication request before the request expires.

The application must provide the user with out-of-band data. These data will be read by the **PKSA** in order to know which **HAS** server to connect to and to privately share an authentication key (`auth_key`) used to encrypt payloads.

This can be done by providing the user with a deep link or QR code representation of that deep link.

To create the deep link:

1\. Create an `auth_payload` object:

### auth\_payload

```javascript
{
    account: string
    uuid: string,
    key: string,
    host: string
}
```

{% tabs %}
{% tab title="Properties" %}

* **`account`**: the username of the account performing the authentication.
* **`uuid`**: the request identifier received with the `auth_wait` reply.
* **`key`**: the app-generated `auth_key` (see [Encryption Key](https://docs.hiveauth.com/developer-documentation/has-for-applications/encryption-key-auth_key))
* **`host`**: URL of the **HAS** server the **APP** is connected to (ex: "wss\://has.hiveauth.com")
  {% endtab %}
  {% endtabs %}

2\. Convert the `auth_payload` object to a base64 string (`auth_payload_base64`)

The URI for the deep link will be:\
`has://auth_req/{{auth_payload_base64}}`

**Example:**

The following auth\_payload

```
{
    "account":"arcange",
    "uuid":"9b0e2dc3-f574-4766-abdd-c429dce11284",
    "key":"03f63469-5a35-47cb-a6b4-e8c4d3144cf9",
    "host":"wss://has.hiveauth.com"
}
```

will generate the following URI:

`has://auth_req/`eyJhY2NvdW50IjoiYXJjYW5nZSIsInV1aWQiOiI5YjBlMmRjMy1mNTc0LTQ3NjYtYWJkZC1jNDI5ZGNlMTEyODQiLCJrZXkiOiIwM2Y2MzQ2OS01YTM1LTQ3Y2ItYTZiNC1lOGM0ZDMxNDRjZjkiLCJob3N0Ijoid3NzOi8vaGFzLmhpdmVhdXRoLmNvbSJ9

and will produce the following QR code

![](https://images.hive.blog/0x0/https://i.imgur.com/nYcCKtd.png)