{"id":1289,"date":"2026-06-01T17:00:00","date_gmt":"2026-06-01T22:00:00","guid":{"rendered":"https:\/\/tolinku.com\/blog\/?p=1289"},"modified":"2026-03-07T03:49:05","modified_gmt":"2026-03-07T08:49:05","slug":"clipboard-based-deferred-linking","status":"publish","type":"post","link":"https:\/\/tolinku.com\/blog\/clipboard-based-deferred-linking\/","title":{"rendered":"Clipboard-Based Deferred Deep Linking: How It Works"},"content":{"rendered":"\n

Deferred deep linking bridges the gap between a link click and an app install. When a user taps a link, installs the app, then opens it for the first time, deferred deep linking routes them to the right content. The challenge is preserving that link context across the install. Traditional approaches use fingerprinting (matching device attributes) or deterministic identifiers, but both have limitations: fingerprinting is probabilistic and increasingly restricted by privacy regulations, while deterministic matching requires platform-specific APIs.<\/p>\n\n\n\n

Clipboard-based deferred linking is a third approach. It copies a token to the device clipboard when the user clicks the link, then reads it back when the app opens. It is deterministic (100% match accuracy when it works), requires no device fingerprinting, and works across platforms. But it comes with its own set of tradeoffs, particularly on iOS where paste permissions have become increasingly restrictive.<\/p>\n\n\n\n

For the fundamentals of deferred deep linking, see how deferred deep linking works<\/a>. For a comparison of matching techniques, see fingerprinting vs. deterministic matching<\/a>.<\/p>\n\n\n\n

How Clipboard-Based Deferred Linking Works<\/h2>\n\n\n\n

The flow is straightforward:<\/p>\n\n\n\n

    \n
  1. User taps a link<\/strong> on the web (e.g., https:\/\/yourapp.com\/invite\/abc123<\/code>).<\/li>\n
  2. The landing page copies a token to the clipboard.<\/strong> JavaScript writes a short identifier (the deep link context) to the system clipboard using the Clipboard API<\/a>.<\/li>\n
  3. User installs the app<\/strong> from the App Store or Google Play.<\/li>\n
  4. App launches and reads the clipboard.<\/strong> On first open, the app checks the clipboard for a matching token.<\/li>\n
  5. App routes the user<\/strong> to the correct content based on the token.<\/li>\n<\/ol>\n\n\n\n
    Web page (click) \u2192 Copy token to clipboard \u2192 App Store \u2192 Install \u2192 App reads clipboard \u2192 Route user\n<\/code><\/pre>\n\n\n\n
    The token is typically a short string or URL that encodes the deep link destination and any attribution data (campaign ID, referrer, etc.). Some implementations copy the full URL; others copy a compact token that the app resolves via an API call.<\/p>\n\n\n\n
    The Web Side: Copying to Clipboard<\/h2>\n\n\n\n
    Using the Clipboard API<\/h3>\n\n\n\n
    Modern browsers support the Clipboard API<\/a> for programmatic clipboard access:<\/p>\n\n\n\n
    async function copyDeferredLinkToken(token) {\n  try {\n    await navigator.clipboard.writeText(token);\n  } catch (err) {\n    \/\/ Fallback for browsers that block clipboard access\n    fallbackCopy(token);\n  }\n}\n\nfunction fallbackCopy(token) {\n  const textarea = document.createElement('textarea');\n  textarea.value = token;\n  textarea.style.position = 'fixed';\n  textarea.style.opacity = '0';\n  document.body.appendChild(textarea);\n  textarea.select();\n  document.execCommand('copy');\n  document.body.removeChild(textarea);\n}\n<\/code><\/pre>\n\n\n\n
    When to Copy<\/h3>\n\n\n\n
    The copy should happen in response to a user gesture (tap or click). Browsers restrict clipboard write access to user-initiated events. Attempting to write to the clipboard without a user gesture fails silently or throws an error in most browsers.<\/p>\n\n\n\n
    document.getElementById('install-button').addEventListener('click', async () => {\n  \/\/ Copy the deferred link token\n  await copyDeferredLinkToken('dl_invite_abc123_campaign_summer2026');\n\n  \/\/ Redirect to the app store\n  window.location.href = 'https:\/\/apps.apple.com\/app\/yourapp\/id123456789';\n});\n<\/code><\/pre>\n\n\n\n
    This approach is transparent: the user clicked a button to install the app. The clipboard write happens as part of that action. Some implementations also show a brief toast ("Link copied") to acknowledge the clipboard write.<\/p>\n\n\n\n
    Token Format<\/h3>\n\n\n\n
    Keep the token compact and identifiable. The app needs to distinguish your deferred link token from whatever else might be on the clipboard:<\/p>\n\n\n\n
    \/\/ Option 1: Prefixed token\nconst token = `tolinku:\/\/dl\/invite\/abc123?ref=campaign_summer`;\n\n\/\/ Option 2: JSON payload\nconst token = JSON.stringify({\n  _dl: true,\n  path: '\/invite\/abc123',\n  ref: 'campaign_summer',\n  ts: Date.now()\n});\n\n\/\/ Option 3: Short URL\nconst token = 'https:\/\/tolk.link\/abc123';\n<\/code><\/pre>\n\n\n\n
    Including a timestamp lets the app discard stale tokens (e.g., ignore anything older than 24 hours).<\/p>\n\n\n\n
    The App Side: Reading the Clipboard<\/h2>\n\n\n\n
    Android<\/h3>\n\n\n\n
    Android has no clipboard permission requirement. Apps can read the clipboard freely, though Android 12+ shows a toast notification ("App pasted from your clipboard") when an app reads clipboard content.<\/p>\n\n\n\n
    fun checkClipboardForDeferredLink(context: Context): String? {\n    val clipboard = context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager\n\n    if (!clipboard.hasPrimaryClip()) return null\n\n    val clip = clipboard.primaryClip ?: return null\n    val item = clip.getItemAt(0)\n    val text = item.text?.toString() ?: return null\n\n    \/\/ Check if it matches our deferred link format\n    if (text.startsWith("tolinku:\/\/dl\/") || text.startsWith("https:\/\/tolk.link\/")) {\n        \/\/ Clear the clipboard after reading\n        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {\n            clipboard.clearPrimaryClip()\n        }\n        return text\n    }\n\n    return null\n}\n<\/code><\/pre>\n\n\n\n
    On Android 12+ (API 31), the system toast notification is automatic and cannot be suppressed. Users see "YourApp pasted from your clipboard" briefly. On Android 13+ (API 33), the clipboard is automatically cleared after a period of time (approximately one hour) for privacy.<\/p>\n\n\n\n
    iOS: The Paste Permission Challenge<\/h3>\n\n\n\n
    iOS is where clipboard-based deferred linking gets complicated. Apple has progressively tightened clipboard access:<\/p>\n\n\n\n
    iOS 14+:<\/strong> Apps that read the clipboard trigger a banner notification: "[App] pasted from [Source App]." This banner is visible to the user and cannot be suppressed.<\/p>\n\n\n\n
    iOS 16+:<\/strong> Apple introduced the UIPasteControl<\/a>, a system-provided button that grants clipboard access only when the user explicitly taps it. Direct programmatic access to UIPasteboard<\/code> without user interaction now triggers a system permission dialog.<\/p>\n\n\n\n
    \/\/ iOS 16+: Reading clipboard triggers a permission prompt\nfunc checkClipboardForDeferredLink() -> String? {\n    let pasteboard = UIPasteboard.general\n\n    \/\/ This triggers a system prompt: "[App] would like to paste from [Source]"\n    guard let text = pasteboard.string else { return nil }\n\n    \/\/ Check for our token format\n    if text.hasPrefix("tolinku:\/\/dl\/") || text.hasPrefix("https:\/\/tolk.link\/") {\n        pasteboard.string = "" \/\/ Clear after reading\n        return text\n    }\n\n    return nil\n}\n<\/code><\/pre>\n\n\n\n
    The system prompt asks the user to allow or deny the paste. If they deny, the app gets no clipboard data.<\/p>\n\n\n\n
    iOS UX Patterns for Clipboard Access<\/h3>\n\n\n\n
    Because iOS now requires explicit user consent for clipboard access, you need a UX pattern that explains why the app wants to read the clipboard:<\/p>\n\n\n\n
    Pattern 1: Contextual prompt before reading<\/strong><\/p>\n\n\n\n
    func handleFirstLaunch() {\n    \/\/ Show an in-app explanation before triggering the system prompt\n    let alert = UIAlertController(\n        title: "Complete Your Setup",\n        message: "We detected you came from a shared link. Allow paste access to take you to the right place.",\n        preferredStyle: .alert\n    )\n    alert.addAction(UIAlertAction(title: "Continue", style: .default) { _ in\n        if let token = self.checkClipboardForDeferredLink() {\n            self.routeToContent(token)\n        }\n    })\n    alert.addAction(UIAlertAction(title: "Skip", style: .cancel))\n    present(alert, animated: true)\n}\n<\/code><\/pre>\n\n\n\n
    Pattern 2: UIPasteControl (iOS 16+)<\/strong><\/p>\n\n\n\n
    \/\/ Add a UIPasteControl to your onboarding screen\nlet pasteConfig = UIPasteControl.Configuration()\npasteConfig.displayMode = .labelOnly\npasteConfig.cornerStyle = .capsule\n\nlet pasteControl = UIPasteControl(configuration: pasteConfig)\npasteControl.target = self\n\/\/ When user taps this system-provided button, clipboard access is granted without the prompt\n<\/code><\/pre>\n\n\n\n
    UIPasteControl<\/code> is a system-rendered button that the user must tap. It bypasses the permission prompt because the tap itself constitutes explicit consent. The downside: you cannot customize its appearance beyond basic configuration, and you need to integrate it into your onboarding flow.<\/p>\n\n\n\n
    Privacy Considerations<\/h2>\n\n\n\n
    Clipboard-based deferred linking has a better privacy profile than fingerprinting in some respects, but it introduces its own concerns.<\/p>\n\n\n\n
    Advantages Over Fingerprinting<\/h3>\n\n\n\n