HMAC-authenticated web app?

Hi Appgyver team, I’m hoping to use Appgyver to create an authenticated web-app that relies on an (HMAC) signature or valid unique identifier in the URL before the page loads. The goal is to create something like a Appgyver-based payment checkout page that follows from another company’s checkout page. The web page will then load with certain information from the previous company already in place (e.g. merchant name, amount, basket items).
I don’t mind writing custom JS to make this possible, but I’d like to know where such logic should fall. If session tokens are used instead of HMAC signatures, then I’d like to know where we can cache/store these tokens too.

Hoping to get some directions!

@Guangmian_Kung
Any luck with that?