accounts.getJWT REST

Skip to end of metadata
Go to start of metadata


Note: If you plan on integrating Gigya's Accounts API, we highly recommend reading the Registration-as-a-Service Guide. Registration-as-a-Service (RaaS) is a premium platform that requires separate activation. If RaaS is not part of your site package, please contact Gigya by filling in a support form through the Console. You can access the support page by clicking Support on the upper menu after logging into the Gigya Console.


This API is used to obtain an OAuth2.0/OIDC compatible id_token containing an existing user's data. This id_token can then be transmitted between servers, enabling a partner to share a user's data among multiple sites/API keys. You can validate the JWT using the originating site's public key returned from accounts.getJWTPublicKey

Request URL

Where <Data_Center> is:
  • - For the US data center.
  • - For the European data center.
  • - For the Australian data center.
  • - For the Russian data center.
  • - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.



apiKeystringThe API key of the target site containing the existing user's data.

The partner secret or both an application/user key and it's corresponding secret.

*When passing an application/user key secret, you must also pass a userKey parameter that the secret is associated to.

targetUIDstringThe UID of the user whose data is being requested. Must be a user for the site of the associated apiKey (above).
userKey*stringThe userKey associated with the secret, if not using a partner secret.
fieldsstring, comma delimited

Any existing profile and/or data fields in the target site's database you want to explicitly return in the JWT for this targetUID.

When requesting profile fields, it is not necessary to prepend 'profile.' (e.g., profile.firstName can be passed as firstName).

expirationintegerThe TTL of the returned JWT, in seconds. If this parameter is not passed, the default is 300.
format string Determines the format of the response. The options are:
  • json (default)
  • jsonp - if the format is jsonp then you are required to define a callback method (see parameter below).
callback string This parameter is required only when the format parameter is set to jsonp (see above). In such cases this parameter should define the name of the callback method to be called in the response, along with the jsonp response data.
httpStatusCodes Boolean The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message is given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response would reflect an error, if one occurred.


Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Please refer to the Authorization Parameters section for details. 


Response Data

id_tokenJSON Web TokenThe returned JWT containing the user's data.
ignoredFieldsstringIf any fields that were passed do not exist for the requested apiKey, they will be ignored and listed here.
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
statusReason string A brief explanation of the status code.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter and not always returned.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or



A field that does not contain data will not appear in the response.


Response Example

  "callId": "1b0f125b7b904a2582340cfa89922ade",
  "errorCode": 0,
  "apiVersion": 2,
  "statusCode": 200,
  "statusReason": "OK",
  "time": "2016-12-18T11:23:36.315Z",
  "ignoredFields": "",
  "id_token": "eyJ0eXAiOi**************************ImtpZCI6IjdfY2VBQSJ9.eyJpc3MiOiJodHRwczov



Additional Information

Whenever relying on the contents of the response from accounts.getJWT, e.g., before adding the user's data to a new database, you should validate that the content has not been manipulated in transit. You can do that by validating the signature against the host site's public key. Please see How To Validate A Gigya id_token for additional information.


  • No labels