Session identity
A UUID identifies this browser session without identifying you as a person.
How it works
TextLinker uses a QR code to pair the device in your hand with the browser in front of you. The connection is temporary, explicit, and focused on the item you choose.
The complete flow
Every transfer starts with a fresh browser session and ends when you close it or the timer runs out.
The browser creates a random session ID and pairing token, then displays them inside a QR code. The session expires in about 10 minutes.
The TextLinker app validates the QR type, direction, pairing token, and expiration time before connecting.
The app sends a manifest containing folders, full text notes, and file metadata. Files themselves stay on the phone until requested.
Open text immediately, request one phone file, or send text and one file from the browser back to Android.
What the QR contains
The QR follows the fixed textlinker.session.v1 contract. Android should reject altered, missing, or expired fields.
A UUID identifies this browser session without identifying you as a person.
A long random token must match on every accepted transfer message.
The expiry timestamp tells both devices when to stop accepting transfers.
Built-in limits
Limits are enforced across the website, Supabase validation, and Android implementation.
One web-sent file per message keeps mobile memory, bandwidth, and storage use predictable.
The site will not queue another phone file while the current request is unresolved.
Five-second cooldowns and a 20-request session cap reduce abusive repeated requests.
Generate a QR, scan it in Android, and choose the item you need.