Integrating Your Application's Frontend

This page describes the steps to integrate your application's frontend with GCP Marketplace. The frontend integration helps give your customers a smooth experience when they go from GCP Marketplace to your application.

Creating a sign-up page for new users

When users choose your solution from GCP Marketplace, they are directed to a sign-up page that you create. In this sign-up page, they create an account in your system.

When users click the link to sign up, Google sends an HTTP POST request to your sign-up page, and sends a JSON Web Token (JWT) in the x-gcp-marketplace-token parameter. The JWT contains the user's procurement account ID, which identifies them as a Google Cloud user. You must use this ID to link the user's Google account to their account in your system.

If you are new to JWT, see the JWT introduction.

Verifying the JWT

The JWT payload is in the following format:


  "alg": "RS256",
  "kid": "KEY_ID"


  • alg is always RS256
  • kid indicates the key ID that was used to secure the JWT. Use the key ID to look up the key from the JSON object in the iss attribute in the payload.


  "iss": "",
  "iat": CURRENT_TIME,
  "exp": CURRENT_TIME + 5 minutes,


  • sub is the user's Google account ID. You must use this ID to link the user's Google account to their account in your system.
  • iss identifies the sender of the JWT. The URL in the iss claim links to a public key from Google.
  • exp indicates when the token expires, and is set to 5 minutes after the token is sent.
  • aud is the domain that hosts your solution, such as

When you receive the JWT, you must verify the following:

  1. Verify that the JWT signature is using the public key from Google.

  2. Verify that the JWT has not expired, by checking the exp claim.

  3. Verify that aud claim is the correct domain for your solution.

  4. Verify that the iss claim is

  5. Verify that sub is not empty.

Integrate single sign-on (SSO) for your customers

When customers sign up for your solution, they must be able to sign in to your application without entering a different username and password.

The SSO integration uses JSON Web Tokens (JWT) to authenticate users. If you are new to JWT, see the JWT introduction.

To set up the SSO integration:

  • Add the URL for your dashboard or web interface to your solution in Partner Portal, in the Plans and Features section.

  • In your application's web interface, add code to verify the JWT payload that is sent to your application when users sign in from GCP Marketplace.

    The format of the JWT for authentication is the same as the JWT sent when users first sign up for your application, described in Verifying the JWT.

Was this page helpful? Let us know how we did:

Send feedback about...

GCP Marketplace Partners