Gigya Job Openings

accounts.getConflictingAccount JS

Skip to end of metadata
Go to start of metadata


This method searches for a conflicting account: an account that uses the email associated with a social identity linked to the account currently logging in. 

This method will return an error if account harvesting protection is activated.


Note: If you plan on integrating Gigya's Accounts API, we highly recommend reading the Registration-as-a-Service Guide. Registration-as-a-Service (RaaS) is a premium platform that requires separate activation. If RaaS is not part of your site package, please contact Gigya by filling in a support form through the Console. You can access the support page by clicking Support on the upper menu after logging into the Gigya Console.


Request URL

Where <Data_Center> is:
  • - For the US data center.
  • - For the European data center.
  • - For the Australian data center.
  • - For the Russian data center.
  • - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.



regTokenstringThe regToken of the account being checked for conflicts. regToken is returned by accounts.initRegistration, accounts.register or accounts.login if the user tried to sign in without completing the registration. Please note that the regToken you receive from Gigya is valid for only one hour.
format string Determines the format of the response. The options are:
  • json (default)
  • jsonp - If the format is jsonp then you are required to define a callback method (see parameter below).
callback string This parameter is required only when the format parameter is set to jsonp (see above). In such cases this parameter should define the name of the callback method to be called in the response, along with the jsonp response data.
httpStatusCodes Boolean The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message is given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response would reflect an error, if one occurs.

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Some REST APIs may function without these authorization parameters, however, when that occurs, these calls are treated as client-side calls and all client-side rate limits will apply. In order to not reach client-side IP rate limits that may impact your implementation when using server-to-server REST calls, it is Recommended Best Practice to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to are as follows:

  • accounts.login
  • socialize.login
  • accounts.notifyLogin
  • socialize.notifyLogin
  • accounts.finalizeRegistration
  • accounts.linkAccounts

Please refer to the Authorization Parameters section for details. 

Sample Request


Response Data

errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter that is not always returned and should not be relied upon by your implementation.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
This property is deprecated and only returned for backward compatibility.
statusReason string A brief explanation of the status code.
This property is deprecated and only returned for backward compatibility.


conflictingAccountJSON objectWill contain null if no conflicting accounts were found. Otherwise the format of the response is: "{loginProviders:[], loginID:}"
The conflictingAccount object can contain two variables:
  • loginProviders - an array listing the social networks connected to the conflicting account, the keyword site will be used to denote a conflicting site account. 
  • loginID - only returned if the conflictingAccount object includes a site account. Contains either a simple username or an email address, depending on the site's Login Identifier Policy.

A field that does not contain data will not appear in the response.

Response Example

{ "conflictingAccount": {
    "loginProviders": [
      "facebook", "site"
    "loginID" : ""
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "b6973f53f08d4ef2a656d10e8b613276",
  "context": "R2333775872"


Gigya defines specific error codes and messages that are used with the Accounts API. These errors are returned with the APIs, indicating that some information is incorrect or missing. 

If the API is called with account harvesting protection switched on, it returns error code 400096: "Conflicting with site policy".

If the regToken input is in the wrong flow, error code 400096 is also returned: "invalid regToken flow".