# AssetLinks.json Validator > Validate your assetlinks.json file for Android App Links. Free tool to check DNS, HTTPS, JSON format, SHA-256 fingerprints, and Digital Asset Links setup. - Canonical: https://redirectly.app/assetlinks-validator - Site: [Redirectly](https://redirectly.app) — deferred deep linking for Flutter & React Native Validate your Android App Links configuration. Check DNS, HTTPS, content-type, JSON format, SHA-256 fingerprints, and package name instantly. Debug Digital Asset Links setup in seconds. ## Validate Your assetlinks.json This is an interactive tool: enter your domain at [https://redirectly.app/assetlinks-validator](https://redirectly.app/assetlinks-validator) and it checks that your assetlinks.json file is properly hosted, has correct headers, and contains valid JSON. ## What is Digital Asset Links (assetlinks.json)? Digital Asset Links is a Google-developed security mechanism that establishes verified relationships between Android apps and websites. At its core is the `assetlinks.json` file—a simple JSON configuration that tells Android that your app is authorized to handle links for your domain. When you implement Digital Asset Links correctly, Android can automatically open qualifying links directly in your app without showing the app chooser dialog. This seamless experience is called **Android App Links**, and it's essential for modern app marketing and user experience. **Key Benefit:** Android App Links eliminate friction by automatically routing verified links to your app, improving user experience and reducing navigation abandonment. Without proper Digital Asset Links setup, users see the ambiguous "Open with?" dialog when clicking links to your domain from outside your app, forcing them to manually select your app every time. ## How Android App Links Work Android App Links work through a three-part verification process involving your app's manifest, the assetlinks.json file, and Android's validation: 1. **App Declares Intent Filter** — Your AndroidManifest.xml declares intent filters for specific URL schemes (e.g., `https://example.com`) with `android:autoVerify="true"`. 2. **Android Fetches assetlinks.json** — When the app is installed, Android automatically fetches your domain's `/.well-known/assetlinks.json` file over HTTPS to verify the relationship. 3. **Android Verifies Signature** — Android compares the SHA-256 fingerprint of your app's signing certificate (in assetlinks.json) with the app's actual certificate. If they match, the domain is verified. 4. **Links Open Directly** — Once verified, Android automatically routes matching links directly to your app, bypassing the app chooser dialog and creating a seamless user experience. **Important:** The assetlinks.json file must be served over HTTPS, have the correct Content-Type header (`application/json`), and be publicly accessible. Android can't use HTTP or private files. ## assetlinks.json Format Reference The assetlinks.json file is a JSON array containing relation objects that map between your website and app. Here's the complete structure: ```json [ { "relation": [ "delegate_permission/common.handle_all_urls" ], "target": { "namespace": "android_app", "package_name": "com.example.android", "sha256_cert_fingerprints": [ "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99", "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00" ] } } ] ``` - **relation array** — `"delegate_permission/common.handle_all_urls"` means your app is authorized to handle all URLs for the domain without showing the app chooser. This is the standard relation for Android App Links. - **namespace** — Must be `"android_app"` for Android apps. (For iOS, you'd use `"web"` in the AASA file.) - **package_name** — Your app's package name exactly as defined in AndroidManifest.xml (e.g., `com.example.android`). Must be case-sensitive and exact. - **sha256_cert_fingerprints** — Array of SHA-256 certificate fingerprints for your app's signing keys. Include fingerprints for all signing certificates you use (debug, release, etc.). Each fingerprint is a 64-character hexadecimal string in uppercase with colons separating each byte pair. **Pro Tip:** You can include multiple relations and targets in the same assetlinks.json file to support multiple apps or multiple signing certificates, making it flexible for your deployment strategy. ## How to Create assetlinks.json from Scratch 1. **Get Your SHA-256 Fingerprints** — Obtain the SHA-256 fingerprints for your debug and release signing certificates (see the section below). 2. **Create the JSON File** — Create a file named `assetlinks.json` with the format shown in the reference section above. Use the exact package name and SHA-256 fingerprints. 3. **Create .well-known Directory** — On your web server, create a directory named `.well-known` at the root of your domain if it doesn't exist. 4. **Upload the File** — Upload assetlinks.json to `/.well-known/assetlinks.json`. The full URL should be accessible at `https://example.com/.well-known/assetlinks.json` 5. **Configure Server Headers** — Ensure your server returns `Content-Type: application/json` for the assetlinks.json file. Set appropriate cache headers (usually 1 day or longer). 6. **Update AndroidManifest.xml** — In your app's AndroidManifest.xml, add intent filters with `android:autoVerify="true"` for your domain's URLs: ```xml ``` 7. **Test with Validator** — Use this assetlinks.json validator to confirm your file is correctly configured and accessible. Fix any issues reported before distributing your app. ## How to Get Your SHA-256 Certificate Fingerprint The SHA-256 certificate fingerprint is crucial for Android App Links. You need fingerprints for both debug (development) and release (production) signing certificates. Here are the three methods: ### Method 1: Using keytool (Recommended) Use the Java keytool utility included with your JDK: ```bash keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android ``` For release keystore: ```bash keytool -list -v -keystore /path/to/my-release-key.jks -alias my-key-alias ``` Look for the "SHA256:" line in the output. Copy only the 64-character hexadecimal part (after "SHA256: ") and convert it to the colon-separated format for assetlinks.json. ### Method 2: From Google Play Console If your app is already published on Google Play: 1. Go to your app in Google Play Console 2. Navigate to Settings > App signing 3. Find "App signing certificate" 4. Click "Details" to view the SHA-256 fingerprint 5. Copy the SHA-256 value (already in colon-separated format) **Note:** This is your release certificate fingerprint. For debug builds, you still need to use keytool with your debug keystore. ### Method 3: Using Android Studio In Android Studio: 1. Open Build > Analyze APK 2. Select your signed APK 3. Navigate to the Certificates tab 4. Look for the SHA-256 fingerprint in the certificate details **Critical:** You need *both* debug and release SHA-256 fingerprints in assetlinks.json. The debug fingerprint is for development testing, and the release fingerprint is for production apps distributed via Google Play. ## Common assetlinks.json Errors and How to Fix Them ### Error: File Not Found (404) **Problem:** assetlinks.json is not accessible at /.well-known/assetlinks.json **Solution:** - Verify the file exists at the correct path: `https://your-domain.com/.well-known/assetlinks.json` - Check that the .well-known directory exists and is readable - Ensure file permissions allow web server access - Verify the filename is spelled correctly (case-sensitive) ### Error: Wrong Content-Type **Problem:** Server returns wrong Content-Type (e.g., text/plain or text/html instead of application/json) **Solution:** - Configure your web server to serve assetlinks.json with `Content-Type: application/json` - For Apache: Add `AddType application/json .json` to .htaccess - For Nginx: Add `types { application/json json; }` to config - For Node.js/Express: Use middleware like express-static with proper MIME type configuration ### Error: HTTP Instead of HTTPS **Problem:** assetlinks.json is served over HTTP instead of HTTPS **Solution:** - Configure your domain to use HTTPS with a valid SSL certificate - Redirect all HTTP traffic to HTTPS - Android App Links require HTTPS for security reasons - Use a service like Let's Encrypt for free SSL certificates ### Error: Invalid JSON Format **Problem:** assetlinks.json contains malformed JSON (syntax errors) **Solution:** - Validate JSON syntax using an online JSON validator - Check for missing commas between array/object elements - Ensure all quotes are properly closed and escaped - Verify no trailing commas exist in arrays or objects - Use a code editor with JSON syntax highlighting ### Error: Wrong SHA-256 Fingerprint **Problem:** SHA-256 fingerprint in assetlinks.json doesn't match your app's signing certificate **Solution:** - Re-verify your SHA-256 fingerprint using keytool or Google Play Console - Ensure format is correct: 64-char hex with colons every 2 characters - Include fingerprints for BOTH debug and release certificates - Check that you're using the right keystore file - Verify the app you're testing is signed with the certificate in assetlinks.json ### Error: Wrong Package Name **Problem:** Package name in assetlinks.json doesn't match your app's AndroidManifest.xml **Solution:** - Open your AndroidManifest.xml and find the exact package name in the manifest tag - Update assetlinks.json with the exact same package name - Package names are case-sensitive - Don't include activity or service names; use only the root package ### Error: No Automatic App Opening **Problem:** Links still show app chooser despite valid assetlinks.json **Solution:** - Ensure AndroidManifest.xml has `android:autoVerify="true"` - Uninstall the app completely and reinstall fresh from Google Play or signed APK - Android verifies assetlinks.json during installation; reinstalling re-triggers verification - Clear app data and cache, then reinstall - Wait 24-48 hours for Play Console to update distribution if recently changed ### Error: Multiple Signing Certificates Not Included **Problem:** assetlinks.json only includes release fingerprint, but debug builds fail **Solution:** - Add both debug and release SHA-256 fingerprints to the `sha256_cert_fingerprints` array - This allows both development testing and production builds to work - Include fingerprints for any other signing certificates you use ## Frequently Asked Questions ### What is assetlinks.json and why do I need it? assetlinks.json is a security configuration file that establishes a verified relationship between your Android app and website domain. Without it, Android shows an app chooser dialog when users click links to your domain. With proper assetlinks.json setup, Android automatically opens qualifying links directly in your app, creating a seamless user experience. This automatic behavior is called Android App Links. ### Where exactly should I place the assetlinks.json file? The file must be placed at `https://your-domain.com/.well-known/assetlinks.json`. The .well-known directory must be at the root of your domain, and the file must be publicly accessible and served over HTTPS with the Content-Type header set to `application/json`. ### What is a SHA-256 certificate fingerprint and how do I get it? A SHA-256 certificate fingerprint is a unique 64-character hexadecimal identifier for your app's signing certificate. Android uses it to verify that your app is authorized to handle links for your domain. You can get it using three methods: (1) the keytool command with your keystore file, (2) Google Play Console for release certificates, or (3) Android Studio's APK analyzer. You need fingerprints for both debug and release certificates. ### Why aren't my Android App Links working even though assetlinks.json looks correct? Common causes include: (1) wrong or mismatched SHA-256 fingerprint, (2) wrong package name, (3) missing `android:autoVerify="true"` in AndroidManifest.xml, (4) assetlinks.json not served over HTTPS, (5) incorrect Content-Type header, or (6) the app was installed before assetlinks.json was deployed. Try uninstalling and reinstalling the app, and use this validator to check for configuration issues. ### Can I have multiple apps or packages in the same assetlinks.json file? Yes, assetlinks.json is an array that can contain multiple relation objects. You can include entries for multiple apps (different package names) and multiple signing certificates (different SHA-256 fingerprints). This is useful if you have multiple apps using the same domain, or multiple signing keys across different build flavors or environments. ### Do I need both debug and release SHA-256 fingerprints in assetlinks.json? Yes, if you want Android App Links to work for both development and production. The debug fingerprint is for testing on development devices with unsigned/debug builds. The release fingerprint is for the production app distributed via Google Play. Include both in the `sha256_cert_fingerprints` array as separate entries. ### What is the difference between assetlinks.json and AASA? assetlinks.json (Digital Asset Links) is for Android App Links and is published by Android apps on their website domain. AASA (apple-app-site-association) is for iOS Universal Links and is hosted on the website. Both achieve the same goal on different platforms: allowing apps to claim ownership of links to their domain without showing a chooser dialog. Websites often host both files to support Android and iOS app linking. ### How can I test if my assetlinks.json is working correctly? Use this free assetlinks.json validator to check your configuration immediately. For real-world testing, install your app on an Android device and click links to your domain in a browser or from another app. If configured correctly, the link will open directly in your app without showing the app chooser. You can also check the Android system logs for verification messages. Allow 24-48 hours for Play Console to update distribution if you recently changed signing certificates. ## Related Resources - [AASA Validator (iOS)](https://redirectly.app/aasa-validator.md) — Validate apple-app-site-association files for iOS Universal Links, just like this tool validates Android App Links. - [Complete Deep Linking Guide](https://redirectly.app/deep-linking-guide.md) — Learn deep linking fundamentals for both Android and iOS, including best practices and implementation strategies. - [Flutter Deferred Deep Linking](https://redirectly.app/flutter-deferred-deep-linking.md) — Implement deferred deep linking in Flutter apps to handle install attribution and post-install routing. - [Redirectly Home](https://redirectly.app/index.md) — Learn about smart deferred deep linking and how Redirectly helps with install attribution and post-install routing. ## Ready to Implement Android App Links? Now that you understand assetlinks.json and how to set it up, use the validator to check your configuration. If you need more advanced features like deferred deep linking and install attribution, Redirectly provides a complete solution. Sign up for a free API key and subdomain to get started. Android App Links are a powerful feature that improve user experience by seamlessly routing domain links to your app. With proper assetlinks.json configuration, you eliminate friction and increase engagement. --- Full site index for AI agents: https://redirectly.app/llms.txt