This method allows sites integrating 3rd party plugins to validate the UID of a logged-in user. More specifically, it provides a means for 3rd party plugins to authenticate a user when the plugin does not have access to the site secret.
When using signatures with a Gigya user key or Gigya Application key, you must use this API to exchange the received signature, default signature validation always uses the Partner secret, not a user or application key secret.
This API exchanges the UIDSignature that you received on the client side by sending it to Gigya with your user/application key, Gigya will then create a new UIDSignature using the included user/application key that can then be verified using the secret corresponding to the user/application key.
You can find a code example located at Integrating 3rd party plugins using login events.
us1.gigya.com- For the US data center.
eu1- For the European data center.
au1- For the Australian data center.
ru1- For the Russian data center.
cn1- For the Chinese data center.
If you are not sure of your site's data center, see Finding Your Data Center.
|||UID||string||The UID of the logged in user.|
|||UIDSignature||string||The original signature received from the client side login operation.|
|||signatureTimestamp||string||The original timestamp received from the client side login operation. (Must be within 60 seconds of the exchangeUIDSignature request).|
The user key (or application key) of the user making the request. The userKey is located within the console. Every console user has a userKey generated for them. Additionally, every user with Admin rights to a partner can create application specific user keys via the Manage Applications option under the Admin tab. Once an application is created, the User Key and Secret for that app will be available within the apps settings.
Internal Note: This is the userKey returned by Gigya's admin.createUserKey method.
|||secret||string||The secret associated with the userKey calling the API which will be used to validate the returned signature.|
Note: The UID, UIDSignature and signatureTimestamp parameter values are those returned by the onLogin event triggered in the client-side API. See onLogin for more information.
For more information, and to see a code example of this API in use, see Integrating 3rd party plugins using login events.
|UID||string||The original UID passed when the method was called.|
|signatureTimestamp||string||A new timestamp generated by the server.|
|UIDSignature||string||A new signature based on the new timestamp and the secret key associated with the specified userKey.|
|errorCode||integer||The result code of the operation. |
|callID||string||Unique identifier of the transaction, for debugging purposes.|
|time||string||The time of the response represented in ISO 8601format. i.e., yyyy.mm.dd.Thh.MM.ss.SSSZ|
A field that does not contain data will not appear in the response.