Last modified 10:40, 6 Jan 2015


Returns the session information required for making direct API calls to the providers. This allows you to retrieve information or perform operations that are not yet supported by the Gigya service.

Each provider requires a different set of fields for making direct API calls. Specify the provider for which to retrieve the session information in the method's input parameter. Only the fields that are required by the specified provider are available in the Response Object.


Security Requirements

If the call is made over HTTP, some sensitive fields are encrypted to prevent them from being used by unauthorized parties.

Note: You may change this default behavior by setting the encrypt parameter to 'false' (see table of parameters below) and making the call over HTTPS.

The encryption is performed using the AES algorithm, where the key is your partner "Secret Key" and the initialization vector is passed as a field in the Response Object. Your partner "Secret Key" is provided at the bottom of the Site setup page on the Gigya website (make sure you have logged in to Gigya's website and completed the Gigya Setup process). The "Secret key" is provided in base64 encoding and must be converted into a binary array before it can be used (most development environments include a method that implements this). Additional settings for the AES algorithm:

  • Cipher mode - CBC
  • Padding mode - you may select the padding mode to be used by setting the paddingMode optional parameter (see the Params table below), with one of the following optional values: 'PKCS5', 'PKCS7' or 'ZEROS' (PKCS7 is the default).
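
The decryption described above, as an added Node.js example for server-side use (it is not Gigya's own code, and the secret key should stay on the server). Assumptions: the AES variant is chosen from the decoded key length, each encrypted field is the BASE64 of the raw ciphertext, the plaintext is a UTF-8 string, and decryptSessionField, buildSampleResponse and the sample key are hypothetical names and constructed data.

```javascript
// Added example for Node.js (server side); not Gigya's own code.
const crypto = require('crypto');

// Assumption: the AES variant follows the decoded length of the secret key.
const CIPHERS = { 16: 'aes-128-cbc', 24: 'aes-192-cbc', 32: 'aes-256-cbc' };

// Decrypts tokenSecret or sessionHandle. Assumes the field is the BASE64 of
// the raw ciphertext and that the plaintext is a UTF-8 string.
function decryptSessionField(fieldB64, ivB64, secretKeyB64, paddingMode = 'PKCS7') {
  const key = Buffer.from(secretKeyB64, 'base64'); // base64 -> binary key
  const iv = Buffer.from(ivB64, 'base64');         // response.IV
  const data = Buffer.from(fieldB64, 'base64');
  if (!CIPHERS[key.length]) throw new Error('key must decode to 16, 24 or 32 bytes');
  if (iv.length !== 16) throw new Error('IV must decode to 16 bytes');
  if (data.length === 0 || data.length % 16 !== 0) throw new Error('ciphertext is not whole AES blocks');
  if (!['PKCS5', 'PKCS7', 'ZEROS'].includes(paddingMode)) throw new Error('unknown paddingMode');

  const decipher = crypto.createDecipheriv(CIPHERS[key.length], key, iv);
  // PKCS5 and PKCS7 are identical for 16-byte blocks; Node strips them itself.
  if (paddingMode === 'ZEROS') decipher.setAutoPadding(false);
  let plain = Buffer.concat([decipher.update(data), decipher.final()]);
  if (paddingMode === 'ZEROS') {
    let end = plain.length;
    while (end > 0 && plain[end - 1] === 0) end--; // strip trailing zero bytes
    plain = plain.subarray(0, end);
  }
  return plain.toString('utf8');
}

// Constructed stand-in for a response; the key and secret are made up.
function buildSampleResponse(secretKeyB64, secret, paddingMode = 'PKCS7') {
  const key = Buffer.from(secretKeyB64, 'base64');
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv(CIPHERS[key.length], key, iv);
  let input = Buffer.from(secret, 'utf8');
  if (paddingMode === 'ZEROS') {
    cipher.setAutoPadding(false);
    input = Buffer.concat([input, Buffer.alloc((16 - (input.length % 16)) % 16)]);
  }
  const ct = Buffer.concat([cipher.update(input), cipher.final()]);
  return { errorCode: 0, tokenSecret: ct.toString('base64'), IV: iv.toString('base64') };
}

const SAMPLE_KEY = Buffer.alloc(32, 7).toString('base64'); // constructed key
const sample = buildSampleResponse(SAMPLE_KEY, 'constructed-token-secret');
console.log(decryptSessionField(sample.tokenSecret, sample.IV, SAMPLE_KEY));
```

CBC provides confidentiality only, so a decryption failure should be handled as a failed call rather than reported in detail to the client.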

Note: This method is also supported in our REST API. If you wish to execute this method from your server, please refer to REST API > socialize.getSessionInfo.


Supporting Providers

The following providers currently support this operation: Facebook, Twitter, Yahoo, Microsoft Messenger, LinkedIn, Google+, Odnoklassniki, FourSquare, Renren, VKontakte, Xing, Instagram, WordPress and LiveJournal.





Method Parameters

The following table lists the params object members:

Required | Name | Type | Description
Required | provider | string | The provider for which to retrieve the session information. The optional values for this parameter are: 'facebook', 'twitter', 'yahoo', 'messenger', 'linkedin', 'qq', 'renren', 'sina', 'googleplus', 'foursquare', 'renren', 'vkontakte', 'xing'.
Optional | callback | function | A reference to a callback function. Gigya calls the specified function along with the results of the API method when the API method completes. The callback function should be defined with the following signature: functionName(response). The "Response object Data Members" table below specifies the data that is passed to the callback function.
Optional | cid | string | A string with a maximum length of 100 characters. The CID sets categories for transactions that can be used later for filtering reports generated by Gigya in the "Context ID" combo box. The CID allows you to associate the report information with your own internal data, for example, to identify a specific widget or page on your site/application. You should not define more than 100 different context IDs. Note: This parameter overrides the value of the identical parameter in Global Conf (the global configuration object). If the parameter is not set for the method, the value from Global Conf is used.
Optional | context | object | A developer-created object that is passed back unchanged to the application as one of the fields in the response object.
Optional | paddingMode | string | The padding mode to be used in the AES algorithm. The valid values for this parameter are: 'PKCS5', 'PKCS7' and 'ZEROS'. The default value, if this parameter is not set, is 'PKCS7'.
Optional | encrypt | Boolean | Determines whether the values of the tokenSecret and sessionHandle response fields should be encrypted. The default value of this parameter differs between HTTP and HTTPS. If the call is made over HTTPS, the default value of the encrypt parameter is 'false', that is, the fields are not encrypted by default. If the call is made over HTTP, the default value of the encrypt parameter is 'true', that is, the fields are encrypted by default.
Optional | signIDs | Boolean | The default value is "false". If this field is set to "true", the timestamp and providerUIDSig fields are returned and the providerUID that is returned by this method will be signed by Gigya. To learn more about this subject, please refer to the Security page of the Developer's Guide.


Response Object Data Members

Field | Type | Description
errorCode | integer | The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage | string | A short textual description of an error associated with the errorCode for logging purposes.
operation | string | The name of the API method that generated this response.
context | object | The context object passed by the application as a parameter to the API method, or null if no context object has been passed.
authToken | string | The session authentication token. See the table below for how this field is mapped to the corresponding field in each provider.
tokenSecret | string | The session token secret encoded in BASE64. The value of this field is encrypted with the partner secret key unless you have set the encrypt parameter to 'false' (see explanation above). See the table below for how this field is mapped to the corresponding field in each provider.
tokenExpiration | string | The expiration time for the session token. See the table below for how this field is mapped to the corresponding field in each provider. Note that when socialize.notifyLogin is used to establish a session, the tokenExpiration value contains the tokenExpiration passed to socialize.notifyLogin.
sessionHandle | string | The session handle encoded in BASE64. The value of this field is encrypted with the partner secret key unless you have set the encrypt parameter to 'false' (see explanation above). See the table below for how this field is mapped to the corresponding field in each provider.
sessionExpiration | string | The session expiration time. See the table below for how this field is mapped to the corresponding field in each provider.
IV | string | The initialization vector that should be used for decrypting the encrypted fields, encoded in BASE64.
providerUID | string | The person's ID on the connected provider.
timestamp | string | The GMT time of the signature in UNIX time format (i.e. the number of seconds since Jan. 1st 1970). This field is returned only if signIDs is set to "true".
providerUIDSig | string | The signature on timestamp_providerUID. This field is returned only if signIDs is set to "true".


Session Fields' Mapping

The following table shows how our response field names map to the respective providers' expected session field names.

Field | Facebook | Twitter / Google+ / Yahoo / Hi5 / Kaixin / LinkedIn / Skyrock / VZNet | Foursquare / Messenger / Mixi / QQ / Renren / Sina / VKontakte
authToken | access_token | oauth_token | access_token
tokenSecret | - | oauth_token_secret | -
tokenExpiration | expires | oauth_expires_in | expires_in
sessionHandle | - | oauth_session_handle (if supported) | refresh_token (if supported)
sessionExpiration | - | oauth_authorization_expires_in (if supported) | -


Code Sample 

// Callback: receives the response object described in the table above.
function printResponse(response) {
    if ( response.errorCode == 0 ) {
        var authToken = response['authToken'];
        var IV = response['IV'];
        var sessionExpiration = response['sessionExpiration'];
        var sessionHandle = response['sessionHandle'];
        var tokenExpiration = response['tokenExpiration'];
        var tokenSecret = response['tokenSecret'];
        var msg = 'authToken : ' + authToken + '\n';
        msg += 'IV : ' + IV + '\n';
        msg += 'sessionExpiration : ' + sessionExpiration + '\n';
        msg += 'sessionHandle : ' + sessionHandle + '\n';
        msg += 'tokenExpiration : ' + tokenExpiration + '\n';
        msg += 'tokenSecret : ' + tokenSecret + '\n';
        // Display the collected session fields.
        alert(msg);
    }
    else {
        alert('Error :' + response.errorMessage);
    }
}

// Request the session information for the given provider.
var params = {
    provider: 'facebook',
    callback: printResponse
};

gigya.socialize.getSessionInfo(params);


  • This sample is not meant to be fully functional code. For brevity's sake, only the code required for demonstrating the API call itself is presented.
  • To run the code on your own domain, add your Gigya API key to the socialize.js URL. A Gigya API key can be obtained on the Site Dashboard page on Gigya's website. Please make sure that the domain from which you are loading the page is the same domain name that you used for generating the API key.
  • In some cases it is necessary to connect/login the user to a provider prior to calling the API method. You can learn more in the Social Login guide.
