# assetlinks.json: Complete Guide for Android App Links > Master assetlinks.json for Android App Links. Learn Digital Asset Links format, SHA-256 certificate fingerprints, and hosting requirements. - Canonical: https://redirectly.app/blog/assetlinks-json-guide - Site: [Redirectly](https://redirectly.app) — deferred deep linking for Flutter & React Native - Published: 2024-02-20 - Author: Redirectly - Category: Android · 8 min read Master Digital Asset Links and enable seamless deep linking for your Android apps ## What are Digital Asset Links? Digital Asset Links is Google's solution for verifying the relationship between your app and your website. The assetlinks.json file proves that your Android app and your website are owned by the same organization, enabling App Links—Android's equivalent to iOS Universal Links. When a user clicks a link to your domain on an Android device, the system checks for your assetlinks.json file. If the file exists and your app is installed, Android directs users to the app. If your app isn't installed, the link opens in the browser. Unlike iOS where trust is implicit, Android requires cryptographic verification via your app's signing certificate. This is why generating the correct SHA-256 fingerprint is critical for Digital Asset Links. ## assetlinks.json Format Reference Here's the complete structure of an assetlinks.json file: ```json [ { "relation": ["delegate_permission/common.handle_all_urls"], "target": { "namespace": "android_app", "package_name": "com.example.myapp", "sha256_cert_fingerprints": [ "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99" ] } } ] ``` ### Field Explanations - **relation:** The type of relationship. Use "delegate_permission/common.handle_all_urls" for App Links - **namespace:** Always "android_app" for Android apps - **package_name:** Your app's exact package name (e.g., com.example.myapp) - **sha256_cert_fingerprints:** Array of SHA-256 fingerprints for your signing certificates ## Relation Types and Target Objects Digital Asset Links supports different relations for various purposes: ### delegate_permission/common.handle_all_urls The primary relation for App Links. Tells Android your app should handle all links to your domain (when matching intent filters are present). ### delegate_permission/common.get_login_creds Enables credential sharing with the app. Allows Android to autofill passwords in your app when they're stored in Chrome. ### Custom Relations You can define custom relations for app-specific purposes. Format: "custom_relation_name" ## SHA-256 Certificate Fingerprints The SHA-256 fingerprint is the most critical part of assetlinks.json. You need to generate three different fingerprints: ### 1. Debug Signing Certificate Used when testing your app during development. Android automatically creates this when you first run your app on an emulator or device. ```bash keytool -list -v -keystore ~/.android/debug.keystore \ -alias androiddebugkey -storepass android -keypass android ``` ### 2. Release Signing Certificate Your keystore file used to sign the release APK/AAB. Keep this secure! ```bash keytool -list -v -keystore /path/to/your/keystore.jks -alias YOUR_ALIAS ``` ### 3. Play App Signing Certificate When you upload to Google Play Store, Google re-signs your app with their certificate. You must use this fingerprint for App Links to work on production apps! **Important:** Find your Play App Signing certificate in Google Play Console under Settings >> App Signing. Copy the SHA-256 certificate fingerprint. ### Understanding the Output ```text Alias name: androiddebugkey Creation date: Dec 1, 2023 Entry type: PrivateKeyEntry Certificate fingerprints: MD5: 12:34:56:78:9A:BC:DE:F0:12:34:56:78:9A:BC:DE:F0 SHA1: 12:34:56:78:9A:BC:DE:F0:12:34:56:78:9A:BC:DE:F0:12:34:56:78 SHA256: AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99 SHA512: ... ``` Copy only the SHA256 line (with the colons). You'll need just the hex string without "SHA256:" prefix for assetlinks.json. ## Multiple Apps in One File If you have multiple apps (production, beta, staging), include them all in one assetlinks.json: ```json [ { "relation": ["delegate_permission/common.handle_all_urls"], "target": { "namespace": "android_app", "package_name": "com.example.myapp", "sha256_cert_fingerprints": ["PROD_FINGERPRINT"] } }, { "relation": ["delegate_permission/common.handle_all_urls"], "target": { "namespace": "android_app", "package_name": "com.example.myapp.beta", "sha256_cert_fingerprints": ["BETA_FINGERPRINT"] } } ] ``` ## Hosting Requirements Your assetlinks.json file must be hosted correctly for Android to validate it: ### File Location ```text https://yourdomain.com/.well-known/assetlinks.json ``` The file must be in .well-known directory at the root of your domain. No alternate paths work. ### HTTPS Required Your domain must use HTTPS. Android will not read assetlinks.json over HTTP. ### Content-Type Header ```text Content-Type: application/json ``` Verify this header is returned by your web server. ### Valid JSON Must be valid JSON. Syntax errors cause silent failures. ### No Redirects Android won't follow redirects. The file must be directly accessible at the exact URL. ## Complete Production Example Here's a production-ready assetlinks.json with debug and release certificates: ```json [ { "relation": ["delegate_permission/common.handle_all_urls"], "target": { "namespace": "android_app", "package_name": "com.example.myapp", "sha256_cert_fingerprints": [ "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99", "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00" ] } } ] ``` ## Validating Your assetlinks.json File After creating your file, validate it before deployment: ### 1. JSON Validation Use a JSON validator to check syntax. ### 2. Use Redirectly's Validator Our tool validates assetlinks.json and catches common mistakes. ### 3. Verify Hosting Check that your server returns application/json content-type over HTTPS. ### 4. Test on Device Install your app and test tapping links to verify they open in your app. **Pro Tip:** Use Redirectly's free assetlinks.json validator to catch errors quickly. [Try assetlinks.json Validator](https://redirectly.app/assetlinks-validator.md) ## Troubleshooting Common Issues Here are solutions to the most common assetlinks.json problems: ### Wrong SHA-256 fingerprint This is the #1 issue. Verify you're using the Play App Signing certificate, not your upload certificate. Check Google Play Console for the correct fingerprint. ### File at wrong location assetlinks.json must be at .well-known/assetlinks.json. Not in a different directory, not in the root. ### Content-Type header incorrect Test with: curl -I https://yourdomain.com/.well-known/assetlinks.json | grep Content-Type ### Invalid JSON Copy your file to a JSON validator. Even a missing comma breaks everything. ### Links not opening in app after fixes Uninstall and reinstall your app. Android caches assetlinks.json verification results aggressively. ## App Manifest Configuration assetlinks.json is only half of the setup. Your AndroidManifest.xml must also declare intent filters: ```xml ``` **Important:** Include android:autoVerify="true" so Android verifies your assetlinks.json when the app is installed. ## Building on assetlinks.json: Next Steps Now that you understand assetlinks.json, explore related deep linking topics: - [Deferred Deep Linking in Flutter](https://redirectly.app/flutter-deferred-deep-linking.md) — Combine assetlinks.json with deferred deep linking for comprehensive Android experiences. - [assetlinks.json Validator Tool](https://redirectly.app/assetlinks-validator.md) — Validate your assetlinks.json configuration instantly with our free validator. ## Summary assetlinks.json is essential for Android App Links. By understanding Digital Asset Links, certificate fingerprints, and hosting requirements, you can create reliable deep links that seamlessly direct users to your app. Remember: - Host assetlinks.json at .well-known/assetlinks.json with HTTPS - Use your Play App Signing certificate SHA-256 fingerprint - Include all app variants (production, beta, staging) - Ensure valid JSON and application/json content-type - Add android:autoVerify="true" to your intent filters - Uninstall and reinstall to force verification after changes --- Full site index for AI agents: https://redirectly.app/llms.txt