What are Digital Asset Links?
Digital Asset Links is Google's solution for verifying the relationship between your app and your website. The assetlinks.json file proves that your Android app and your website are owned by the same organization, enabling App Links—Android's equivalent to iOS Universal Links.
When a user clicks a link to your domain on an Android device, the system checks for your assetlinks.json file. If the file exists and your app is installed, Android directs users to the app. If your app isn't installed, the link opens in the browser.
Unlike iOS where trust is implicit, Android requires cryptographic verification via your app's signing certificate. This is why generating the correct SHA-256 fingerprint is critical for Digital Asset Links.
assetlinks.json Format Reference
Here's the complete structure of an assetlinks.json file:
[
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example.myapp",
"sha256_cert_fingerprints": [
"AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
]
}
}
]Field Explanations
- relation: The type of relationship. Use "delegate_permission/common.handle_all_urls" for App Links
- namespace: Always "android_app" for Android apps
- package_name: Your app's exact package name (e.g., com.example.myapp)
- sha256_cert_fingerprints: Array of SHA-256 fingerprints for your signing certificates
Relation Types and Target Objects
Digital Asset Links supports different relations for various purposes:
delegate_permission/common.handle_all_urls
The primary relation for App Links. Tells Android your app should handle all links to your domain (when matching intent filters are present).
delegate_permission/common.get_login_creds
Enables credential sharing with the app. Allows Android to autofill passwords in your app when they're stored in Chrome.
Custom Relations
You can define custom relations for app-specific purposes. Format: "custom_relation_name"
SHA-256 Certificate Fingerprints
The SHA-256 fingerprint is the most critical part of assetlinks.json. You need to generate three different fingerprints:
1. Debug Signing Certificate
Used when testing your app during development. Android automatically creates this when you first run your app on an emulator or device.
keytool -list -v -keystore ~/.android/debug.keystore \ -alias androiddebugkey -storepass android -keypass android
2. Release Signing Certificate
Your keystore file used to sign the release APK/AAB. Keep this secure!
keytool -list -v -keystore /path/to/your/keystore.jks -alias YOUR_ALIAS
3. Play App Signing Certificate
When you upload to Google Play Store, Google re-signs your app with their certificate. You must use this fingerprint for App Links to work on production apps!
Important: Find your Play App Signing certificate in Google Play Console under Settings >> App Signing. Copy the SHA-256 certificate fingerprint.
Understanding the Output
Alias name: androiddebugkey Creation date: Dec 1, 2023 Entry type: PrivateKeyEntry Certificate fingerprints: MD5: 12:34:56:78:9A:BC:DE:F0:12:34:56:78:9A:BC:DE:F0 SHA1: 12:34:56:78:9A:BC:DE:F0:12:34:56:78:9A:BC:DE:F0:12:34:56:78 SHA256: AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99 SHA512: ...
Copy only the SHA256 line (with the colons). You'll need just the hex string without "SHA256:" prefix for assetlinks.json.
Multiple Apps in One File
If you have multiple apps (production, beta, staging), include them all in one assetlinks.json:
[
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example.myapp",
"sha256_cert_fingerprints": ["PROD_FINGERPRINT"]
}
},
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example.myapp.beta",
"sha256_cert_fingerprints": ["BETA_FINGERPRINT"]
}
}
]Hosting Requirements
Your assetlinks.json file must be hosted correctly for Android to validate it:
File Location
https://yourdomain.com/.well-known/assetlinks.json
The file must be in .well-known directory at the root of your domain. No alternate paths work.
HTTPS Required
Your domain must use HTTPS. Android will not read assetlinks.json over HTTP.
Content-Type Header
Content-Type: application/json
Verify this header is returned by your web server.
Valid JSON
Must be valid JSON. Syntax errors cause silent failures.
No Redirects
Android won't follow redirects. The file must be directly accessible at the exact URL.
Complete Production Example
Here's a production-ready assetlinks.json with debug and release certificates:
[
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example.myapp",
"sha256_cert_fingerprints": [
"AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99",
"11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00"
]
}
}
]Validating Your assetlinks.json File
After creating your file, validate it before deployment:
1. JSON Validation
Use a JSON validator to check syntax.
2. Use Redirectly's Validator
Our tool validates assetlinks.json and catches common mistakes.
3. Verify Hosting
Check that your server returns application/json content-type over HTTPS.
4. Test on Device
Install your app and test tapping links to verify they open in your app.
Pro Tip: Use Redirectly's free assetlinks.json validator to catch errors quickly.
Try assetlinks.json ValidatorTroubleshooting Common Issues
Here are solutions to the most common assetlinks.json problems:
Wrong SHA-256 fingerprint
This is the #1 issue. Verify you're using the Play App Signing certificate, not your upload certificate. Check Google Play Console for the correct fingerprint.
File at wrong location
assetlinks.json must be at .well-known/assetlinks.json. Not in a different directory, not in the root.
Content-Type header incorrect
Test with: curl -I https://yourdomain.com/.well-known/assetlinks.json | grep Content-Type
Invalid JSON
Copy your file to a JSON validator. Even a missing comma breaks everything.
Links not opening in app after fixes
Uninstall and reinstall your app. Android caches assetlinks.json verification results aggressively.
App Manifest Configuration
assetlinks.json is only half of the setup. Your AndroidManifest.xml must also declare intent filters:
<activity android:name=".MainActivity">
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:scheme="https"
android:host="example.com"
android:pathPrefix="/product"
android:pathPrefix="/order" />
</intent-filter>
</activity>Important: Include android:autoVerify="true" so Android verifies your assetlinks.json when the app is installed.
Building on assetlinks.json: Next Steps
Now that you understand assetlinks.json, explore related deep linking topics:
Summary
assetlinks.json is essential for Android App Links. By understanding Digital Asset Links, certificate fingerprints, and hosting requirements, you can create reliable deep links that seamlessly direct users to your app. Remember:
- Host assetlinks.json at .well-known/assetlinks.json with HTTPS
- Use your Play App Signing certificate SHA-256 fingerprint
- Include all app variants (production, beta, staging)
- Ensure valid JSON and application/json content-type
- Add android:autoVerify="true" to your intent filters
- Uninstall and reinstall to force verification after changes