Crossite data sharing challenge

[FrontSK]

Context:
Payment app (main) uses cookies to track if client used it before. "user_id" from cookie is simple, randomly generated string with no useful information. I have to get rid of the cookies.

Plan is:

1. To create sdk in order to add payment app as a module to another web application - possibly shop.
2. To open payment app in iframe to achieve the same result as mentioned in point 1.
3. Main app must work the same as before - but without cookie.

I need to have access to "user_id" from main app, sdk app and from the iframe version of the app. Is that possible? Shared Storage may be something what i need? Is there any better way?

[johannhof]

Hi @FrontSK, have you looked into Private State Tokens? Those allow your site to issue a number of tokens for consumption in cross-site/third-party contexts, they could, for example, convey a trust signal for your payment app.