This API allows sites integrating 3rd party plugins to validate the UID of a logged-in user. More specifically, it provides a means for 3rd party plugins to authenticate a user when the plugin does not have access to the site secret.
When using signatures with a Gigya user key or Gigya Application key, you must use this API to exchange the received signature, default signature validation always uses the Partner secret, not a user or application key secret.
us1- For the US data center.
eu1- For the European data center.
au1- For the Australian data center.
ru1- For the Russian data center.
If you are not sure of your site's data center, see Finding Your Site's Data Center.
|||UID||string||The UID of the logged in user.|
|||UIDSignature||string||The original signature received from the client side login operation.|
|||signatureTimestamp||string||The original timestamp received from the client side login operation.|
The user key (or application key) of the user making the request. The userKey is located within the console. Every console user has a userKey generated for them. Additionally, every user with Admin rights to a partner can create application specific user keys via the Manage Applications option under the Admin tab. Once an application is created, the User Key and Secret for that app will be available within the apps settings.
Internal Note: This is the userKey returned by Gigya's admin.createUserKey method.
|||secret||string||The secret associated with the userKey calling the API which will be used to validate the returned signature.|
Note: The UID, UIDSignature and signatureTimestamp parameter values are those returned by the onLogin event triggered in the client-side API. See onLogin for more information.
For more information, and to see a code example of this API in use, see Integrating 3rd party plugins using login events.
|UID||string||The original UID passed when the method was called.|
|signatureTimestamp||string||A new timestamp generated by the server.|
|UIDSignature||string||A new signature based on the new timestamp and the secret key associated with the specified userKey.|
|errorCode||integer||The result code of the operation. |
|callID||string||Unique identifier of the transaction, for debugging purposes.|
A field that does not contain data will not appear in the response.