Overview
Launch Pad partner integration lets your platform embed path planning, route optimization, and field operations without building or running the underlying systems. Four integration tiers range from a simple deep link to full identity federation, all backed by a public REST API and standards-based OAuth 2.0 authentication.
Each tier works on its own. Most partners start at Tier 1 (One-Click Launch) and add higher tiers later as their needs change. The sections below describe what your end-users experience, what you get as a business, the full breakdown of all four tiers, and a deep dive on Tier 1. The Technical Detail section further down contains the engineering specification.
Developer Portal & API Reference
Full REST API reference, authentication patterns, and getting-started guides for the Launch Pad public API. Reach for this once you start scoping any tier above Tier 1, or any time you need endpoint-level detail beyond what this page covers.
Visit Developer PortalWhat Your Users Experience
In Tier 1, Launch Pad acts as a companion app to your product. It opens in a new browser window with all setup handled in the background, so the user can start work immediately.
No New Sign-Up
Users do not create a Launch Pad account. Their identity comes from your product.
No Second Sign-In
Users are signed in automatically when they open Launch Pad from your application.
No File Uploads to Get Started
The right field and its boundary are already loaded when the user arrives. Boundary handling is one of the biggest blockers when growers adopt external farming tools; a "hyperlink, log in, upload your file" handoff loses most of the value an integration is meant to deliver.
Return Trip (Manual to Start)
When users finish, they download the path-plan file from Launch Pad and upload it to your product. A natural place to automate later via Webhook push or a Custom push integration, reusing the API client you already build for Tier 1.
What You Get as a Partner
Built for businesses and engineering teams that want to embed precision routing without standing up the infrastructure to support it.
One Admin Identity
A single admin user is your identity inside Launch Pad. The same user holds the API key for server-to-server calls and can sign in to Launch Pad directly to inspect, audit, or support a customer.
Consolidated Billing
All usage is collected under a single partner billing account. End-users never see credit balances or invoices inside Launch Pad. You are the billed party; pricing is volume-based and negotiated.
Cross-Customer Admin View
Your admin sees usage, plans, boundaries, and per-user activity for every customer you onboard, all in one place. This is the visibility you need to support customers and reconcile billing.
Four Integration Tiers
Each tier works on its own. Most partners start at Tier 1 and add higher tiers later as their needs change.
Tier 1: One-Click Launch
Users open Launch Pad from your product without signing up, signing in, or uploading a boundary. The right field is already on screen. The finished path-plan file returns to your product through your existing file-import flow.
You build: API calls to create the user, request a launch link, send the boundary, and redirect the browser. Your existing file-import flow accepts the returned file.
Tier 2: API Integration
Full programmatic access to companies, growers, farms, fields, boundaries, path plans, and routes through a REST API. Event notifications on key actions.
You build: A sync layer between your product and Launch Pad. A webhook receiver (preferred) or scheduled polling for the return path.
Tier 3: Embedded UI
Launch Pad screens shown inside your product, in an iframe. Hidden navigation, your brand colors.
You build: An iframe host. A small handshake to pass your brand colors.
Tier 4: Identity Federation
"Sign in with Launch Pad" (or the reverse) using standards-based OpenID Connect. End-user consent and account linking are managed by Launch Pad.
You build: An OpenID Connect client library and a token store.
How Tier 1 Removes Friction
Why Tier 1 Exists
Tier 1 is the difference between an integration and a hyperlink. From the user's view, Path Planning is part of your product: they click a button, do the task, and bring the result back.
To make that work, Tier 1 removes the two highest-friction moments in adopting an external farming tool:
- Account setup (sign-up, sign-in, company selection). Your backend creates and signs in the user behind the scenes.
- Boundary upload. Your backend sends the boundary to Launch Pad through the API before opening the window, so the user arrives with the right field already on screen.
Boundary handling is the more impactful one. It is one of the biggest blockers when growers adopt external farming tools.
Account Model
A Tier 1 engagement is organized like this:
Your identity in Launch Pad is a single admin user
This user holds your API key, has admin visibility across every customer org you create, and can also sign in to Launch Pad directly to inspect, audit, or support a customer. End-users never see this user.
Each customer becomes their own org inside Launch Pad
Populated with the end-users you create. An end-user only ever sees their own org; they never see other partners' customers' data.
Billing is consolidated under your billing account
End-users never see credit balances or invoices inside Launch Pad; you are the billed party.
Cross-customer admin view
Your admin user sees usage by customer org, plan and boundary counts, and per-user activity for every customer in one place. This is the visibility you need to support customers and reconcile billing.
What Users See in Launch Pad
When a user opens Launch Pad through Tier 1, some Launch Pad options do not apply and are hidden:
- No password change, no email or account management, no sign-up. The user has no Launch Pad password; sign-in comes from your product. The change-password screen shows a "Password managed by [Partner]" message, the same way Launch Pad already handles users who sign in through John Deere, Trimble, or CNH.
- No company switcher. The session is locked to a single customer org for that visit.
- Logout is replaced by "Return to [Partner]", which closes the tab or sends the user back to a URL you provide, instead of leaving them on the Launch Pad sign-in page.
The main workflow menu (Plans, Path Planning, Equipment, Compare) stays available because users need it to do the work. Only identity, billing, admin, and account-management options are hidden.
Returning a Path Plan
Once a user finishes a path plan in Launch Pad, the result needs to get back into your product. Four options are available, and they work on top of any tier. Push options are strongly preferred over polling.
Manual Download / Upload
User clicks Download in Launch Pad, then uploads the file into your product.
Best when: Fastest way to start.
Webhook Push
Launch Pad sends each finished plan to a URL you provide, signed with HMAC.
Best when: You want real-time delivery and can host a generic webhook endpoint.
Custom Push
Verge writes a one-off integration that delivers finished plans into your existing API.
Best when: You have an inbound API that accepts credentials but do not want to build a webhook receiver.
Polling Pull
Your backend periodically pulls finished plans from the Launch Pad API.
Best when: Neither push option is workable. Cadence must be conservative.
Hard prerequisite for Manual download/upload: your import flow must accept at least one format Launch Pad emits (ISOXML, Shapefile, KML, or partner-specific formats; confirmed during scoping). Without this overlap, Tier 1 cannot deliver a usable end-to-end flow.
Technical Detail
A non-technical reader can stop here. The rest of this page is the engineering specification: end-to-end flow, redirect URL anatomy, and return-path mechanics.
End-to-End Flow
What happens, step by step, when a partner user opens Launch Pad:
sequenceDiagram
autonumber
participant YU as Partner UI
participant YB as Partner backend
participant LA as Launch Pad API
participant LU as Launch Pad UI
YU->>YB: user clicks "Open Path Plan"
note over YB,LA: Step 1: create LP user if not exists
YB->>LA: POST /api/users (idempotent on externalUserId)
YB->>LA: POST /api/company-accesses (idempotent on user + org)
note over YB,LA: Step 2 (optional): push a boundary
YB->>LA: POST /api/vBoundary/upsert
note over YB,LA: Step 3: request a launch code
YB->>LA: POST /api/partner/launch ({ userId, companyId, returnUrl })
LA-->>YB: { code, expiresInSec: 600 }
YB-->>YU: 302 redirect to https://your-app.vergeag.com/launch?code=...
YU->>LU: browser navigates to /launch?code=...
LU->>LA: POST /api/partner/launch/{code}/exchange
LA-->>LU: JWT + refresh token
note over LU: store JWT in localStorage,
strip code from URL,
navigate to returnUrl
Key Properties
- You authenticate server-to-server with a long-lived credential (the API key on your admin user). The browser never sees the API key.
- The browser only sees a short-lived, single-use, opaque code in the URL (10-minute time-to-live, consumed when exchanged).
- The exchange endpoint requires no login; the code itself is the credential. Launch Pad's UI calls it as soon as the user lands.
- Launch Pad issues a normal user session (JWT + refresh token), stores it in localStorage, and routes the user to the URL you specified.
Standards Alignment
The pattern is OAuth 2.0 Authorization Code Grant, with the interactive consent screen replaced by a server-to-server authorization call from your backend. Modern OAuth terminology calls this back-channel variant the Pre-Authorized Code Flow (introduced in the OpenID for Verifiable Credential Issuance spec).
The short-lived code in the URL and the back-channel exchange for a JWT behave exactly as they do in textbook OAuth; consent is established by the partnership agreement instead of by a per-launch consent dialog.
What the Redirect URL Looks Like
What the user's browser receives (one line, as a Location: header):
https://your-app.vergeag.com/launch?code=lc_R3w9q-Kx7VtNm2bH8sLpYj4eQ6gZc1aXfU0dT5nMoP&returnUrl=%2Fpath-planning%2Fboundary%2Fb3f47e1c-8a02-4d59-9c6e-2f7a8b1d6e09Decoded for readability:
| Component | Value | Notes |
|---|---|---|
| Origin | https://your-app.vergeag.com |
Verge provides the production origin during onboarding. HTTPS is required; plain HTTP is refused. |
| Path | /launch |
Public, unauthenticated route. No prior Launch Pad session required. |
code |
lc_R3w9q-... |
The lc_ prefix marks this as a launch code (distinct from an LP- API key in logs). The payload is 32 bytes of cryptographic random, base64url-encoded. Single-use, 10-minute TTL, bound at issue time to one user, one org, and one returnUrl. |
returnUrl |
/path-planning/boundary/... |
The relative Launch Pad path the user is sent to after the JWT is issued. Uses route segments (e.g. /path-planning/boundary/:id) so the boundary auto-loads. Must start with /. Absolute URLs, protocol-relative //host URLs, and \ are rejected at issue time. |
What Launch Pad's UI Does on Landing
You do not implement this; it is included for reference so you can reason about what your users see between the click and the rendered field:
- Reads
codeandreturnUrlfrom the query string. - Exchanges the code with Launch Pad for a user session.
- Signs the user in to the correct customer org.
- Removes the code from the address bar so it doesn't linger in browser history.
- Sends the user to the
returnUrlyou specified.
If code is missing, expired, or already used, the user lands on an error page that asks them to return to your product and try again.
Return-Path Options in Detail
Manual Download / Upload
The user clicks Download in Launch Pad, the file lands on their device, and they upload it to your product through your existing file-import flow. Default for Tier 1. No new infrastructure on your side. Requires your import flow to accept at least one format Launch Pad emits (ISOXML, Shapefile, KML, or partner-specific formats).
Webhook Push
Launch Pad sends HTTPS POSTs to a URL you provide. Each request carries an HMAC-SHA256 signature, computed against a shared secret that Verge issues at onboarding. You verify the signature, process the payload, and respond with a 2xx within 10 seconds.
Key Properties
- You do not authenticate to Launch Pad for this flow. No OAuth handshake, no JWT, no Launch Pad API key on your side. The shared HMAC secret is the entire authentication model.
- One secret per subscription, rotatable. Issued once at onboarding. Rotation uses a two-secret overlap window so deliveries do not fail during cutover.
- File delivery scales with payload size. Small artifacts (under 1 MB) ship inline as base64 inside the webhook body. Larger artifacts ship as a short-lived presigned download URL embedded in the body; you GET that URL directly, with no Launch Pad credentials needed.
-
At-least-once delivery. Launch Pad retries with exponential backoff on non-2xx responses and timeouts. Every event carries a
Verge-Webhook-Idheader so you can deduplicate.
What You Build
- A public HTTPS endpoint that accepts POSTs. No login or session is required on the endpoint beyond verifying the signature.
- HMAC verification using the shared secret (about ten lines of code in any language).
- An idempotency check on
Verge-Webhook-Idso a retry never double-processes. - A fast 2xx response. Process any heavy work asynchronously so timeouts do not trigger retry storms.
What Verge Operates
- The outbound emitter and retry queue.
- Dead-letter handling for permanently failed deliveries.
- An admin UI for you to view delivery logs and replay failed events.
- A published set of egress IP ranges you can allowlist at the firewall.
Custom Push (per-partner engineering)
If you already have an authenticated inbound API but do not want to build a generic webhook receiver, Verge can write a one-off push integration that calls your API directly. You share secure credentials with Verge (preferably an API key); Verge's emitter authenticates to you on every push.
This option exists because of an asymmetry in the trust direction. For large FMIS partners (John Deere, Trimble, CNH), end-users authenticate to Launch Pad with their OEM account, so Launch Pad already holds secure tokens to push data back. Launch Pad operates that OEM push model today. In a Tier 1 integration the trust direction is reversed (you authenticate to Launch Pad), so Launch Pad has no preexisting credential to your system. Custom push closes that gap with a bespoke arrangement.
Trade-offs
- Custom engineering on Verge's side. Every partner's API is different. This is per-partner work, not a generic feature, and pricing reflects that.
- Trusted-partner arrangement. You share an API key (or equivalent secure credential) with Verge and operate that credential on your side.
- Joint maintenance. Both sides keep the integration working through API changes and credential rotations.
Suitable when you have an existing inbound API, do not want to build a generic webhook receiver, and are committed enough to fund the per-partner work.
Polling Pull (use sparingly; push is preferred)
If neither push option is workable, your backend can periodically call the Launch Pad API (using the same X-API-KEY already issued for provisioning) to fetch path plans published or updated since the last poll.
Treat this as eventually-consistent batch retrieval, not real-time delivery. A typical cadence is hourly or less frequent. High-frequency polling that resembles a busy-wait against a user action is not supported and may be rate-limited. Polling continuously for hours waiting for a single user-initiated event is exactly the pattern this option does not serve.
- What you build: a polling loop with conservative cadence, deduplication by path-plan ID, and ingestion into your file store.
- Trade-off: significant latency between user action and data arrival; added load on Launch Pad's API.
- Push is strongly preferred. Use polling only when neither Webhook push nor Custom push is workable.
Higher Tiers
This page is the full reference for Tier 1. For higher tiers:
Tier 2 (API Integration)
The public API schema is at vergeag.com/developers. Once Tier 1 is in place, you can expand the integration by calling more of the API directly, using the same API key you already hold.
Tier 3 (Embedded UI)
Contact Verge to scope. Embedded UI involves brand-token agreements, iframe-host setup, and a per-partner build of the UI. It is not self-serve.
Tier 4 (Identity Federation)
Contact Verge to scope. Identity Federation requires standards-based OIDC client registration and a federation agreement between both sides.