accounts.exchangeUIDSignature REST

Description

This method allows sites integrating 3rd party plugins to validate the UID of a logged-in user. More specifically, it provides a means for 3rd party plugins to authenticate a user when the plugin does not have access to the site secret.

When using signatures with a Gigya user key or Gigya application key, you must use this API to exchange the received signature, because default signature validation always uses the Partner secret, not a user or application key secret.

 

Use

This API exchanges the UIDSignature that you received on the client side: you send it to Gigya together with your user/application key, and Gigya creates a new UIDSignature using that key. The new signature can then be verified using the secret corresponding to the user/application key.

A code example is available at Integrating 3rd party plugins using login events.

 

Request URL

Where <Data_Center_ID> is:
  • us1 - For the US data center.
  • eu1 - For the European data center.
  • au1 - For the Australian data center.
  • ru1 - For the Russian data center.

If you are not sure of your site's data center, see Finding Your Site's Data Center.

 

Parameters

| Required | Name | Type | Description |
|---|---|---|---|
| | UID | string | The UID of the logged-in user. |
| | UIDSignature | string | The original signature received from the client-side login operation. |
| | signatureTimestamp | string | The original timestamp received from the client-side login operation. |
| | userKey | string | The user key (or application key) of the user making the request. The userKey is located within the console. Every console user has a userKey generated for them. Additionally, every user with Admin rights to a partner can create application-specific user keys via the Manage Applications option under the Admin tab. Once an application is created, the User Key and Secret for that app will be available within the app's settings. Internal Note: This is the userKey returned by Gigya's admin.createUserKey method. |
| | secret | string | The secret associated with the userKey calling the API, which will be used to validate the returned signature. |

Note: The UID, UIDSignature and signatureTimestamp parameter values are those returned by the onLogin event triggered in the client-side API. See onLogin for more information.

For more information, and to see a code example of this API in use, see Integrating 3rd party plugins using login events.

Response Data

| Field | Type | Description |
|---|---|---|
| UID | string | The original UID passed when the method was called. |
| signatureTimestamp | string | A new timestamp generated by the server. |
| UIDSignature | string | A new signature based on the new timestamp and the secret key associated with the specified userKey. |
| errorCode | integer | The result code of the operation. Code '0' indicates success. Code '403002' indicates that signatureTimestamp is more than 60 seconds old. Code '400006' indicates that UIDSignature is invalid. For a complete list of error codes, see the Error Codes table. |
| callID | string | Unique identifier of the transaction, for debugging purposes. |
| time | string | The time of the response represented in ISO 8601 format, i.e., yyyy.mm.dd.Thh.MM.ss.SSSZ |

 

Response Sample

{   
  "UID": "GSAPIUser",
  "UIDSignature": "wHrBbHcVibonxyBkaJ1LsXBVGck=",
  "signatureTimestamp": "1418039800",
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "2e447c6307564200851c5ac6bed65b6d",
  "time": "2015-03-22T11:42:25.943Z"
}

A field that does not contain data will not appear in the response.
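
The check a plugin would run on this response with its own secret, as an added example that is not part of the original page or Gigya's code. It assumes Gigya's signature construction (HMAC-SHA1 over "<signatureTimestamp>_<UID>", keyed with the base64-decoded secret), which this page does not state; the function names, the 60-second default window and the sample secret are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

def calc_signature(uid: str, timestamp: str, secret_b64: str) -> str:
    # Assumed construction (not stated on this page): HMAC-SHA1 over
    # "<timestamp>_<UID>", keyed with the base64-decoded secret, base64 output.
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, f"{timestamp}_{uid}".encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify_exchange_response(resp: dict, expected_uid: str, secret_b64: str,
                             max_age_s: int = 60,  # assumed window
                             now: Optional[float] = None) -> bool:
    """Accept the response only if it authenticates expected_uid."""
    if resp.get("errorCode") != 0:       # e.g. 403002 or 400006
        return False
    uid, sig, ts = (resp.get(k) for k in
                    ("UID", "UIDSignature", "signatureTimestamp"))
    if not all(isinstance(v, str) for v in (uid, sig, ts)):
        return False                     # fields without data are omitted
    if uid != expected_uid:              # must be the user we asked about
        return False
    if not (ts.isascii() and ts.isdigit()):
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > max_age_s:   # reject old, replayed signatures
        return False
    expected = calc_signature(uid, ts, secret_b64)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected.encode(), sig.encode())

# Constructed sample data: a demo secret and a response signed with it.
SAMPLE_SECRET = base64.b64encode(b"constructed-demo-secret").decode("ascii")
SAMPLE_NOW = 1418039810
SAMPLE_RESPONSE = {
    "UID": "GSAPIUser",
    "signatureTimestamp": "1418039800",
    "UIDSignature": calc_signature("GSAPIUser", "1418039800", SAMPLE_SECRET),
    "errorCode": 0,
}

if __name__ == "__main__":
    print(verify_exchange_response(SAMPLE_RESPONSE, "GSAPIUser",
                                   SAMPLE_SECRET, now=SAMPLE_NOW))
```

The UID comparison matters as much as the HMAC check: a valid signature for a different user must not authenticate the user the plugin asked about.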