fidm.oidc.op.createRP REST

The Gigya OpenID Connect service is part of our Federated Identity Management Services, which are premium services that require separate activation. If it is not yet a part of your existing site package, please contact support by submitting a ticket through your Console Support Portal or sending an email to


This API registers and configures a new RP for the OP.

Request URL

Where <Data_Center> is:
  • - For the US data center.
  • - For the European data center.
  • - For the Australian data center.
  • - For the Russian data center.
  • - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.

This API requires HTTPS.


redirectUris array of strings

A list of pre-approved redirect URIs for the RP.

All calls to the Authorize endpoint must contain a redirect_uri parameter in the query string. This must match one of these pre-defined redirectUris. You should get these values from the 3rd party prior to setting up the RP. redirectUris must be HTTPS.

description string A friendly description of the RP.

supportedResponseTypes array of strings

You may allow the RP to only receive specific response types.

These can be limited to any/all of the following:

  • code
  • token
  • id_token
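The two registration limits above (redirectUris and supportedResponseTypes), as an added example that is not Gigya's code: one function checks a planned parameter set before calling createRP, the other applies the limits to a single Authorize request. The function names, the sample RP and the unordered comparison of combined response types are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Response type values listed on this page.
BASE_RESPONSE_TYPES = {"code", "token", "id_token"}

def registration_problems(redirect_uris, response_types):
    """Return a list of problems in a planned createRP parameter set."""
    problems = []
    if not redirect_uris:
        problems.append("redirectUris is empty")
    for uri in redirect_uris:
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems.append(f"{uri}: redirectUris must be HTTPS")
        elif not parts.hostname:
            problems.append(f"{uri}: no host")
        if parts.fragment:
            # RFC 6749 section 3.1.2 (not this page) forbids fragments.
            problems.append(f"{uri}: contains a fragment")
    for rt in response_types:
        unknown = set(rt.split()) - BASE_RESPONSE_TYPES
        if unknown:
            problems.append(f"{rt!r}: unknown response type {sorted(unknown)}")
    return problems

def authorize_allowed(rp, redirect_uri, response_type):
    """Apply the two registration limits to one Authorize request."""
    # Exact string comparison: no prefix, host-suffix or normalised matching.
    if redirect_uri not in rp["redirectUris"]:
        return False
    # Assumption: combined response types compare as unordered sets.
    requested = frozenset(response_type.split())
    allowed = {frozenset(rt.split()) for rt in rp["supportedResponseTypes"]}
    return bool(requested) and requested in allowed

# Constructed sample RP, not taken from a real site.
SAMPLE_RP = {
    "redirectUris": ["https://rp.example/oidc/callback"],
    "supportedResponseTypes": ["code", "code id_token"],
}
```
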


subjectIdentifierType string

Determines whether the subject (sub) of the id_token is pairwise or public.

Gigya supports two subjectIdentifierTypes:

  • pairwise (default) - A persistent pseudonym is returned. The site and UID are encrypted using a per-RP symmetric encryption key, so the identifier that identifies the user to the RP cannot be correlated to any other user on any other RP (even if they are the same user).
  • public - The user's UID is returned as the sub claim of the identityToken.
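The difference between the two subject identifier types, as an added example that is not Gigya's implementation: it uses a keyed hash (HMAC-SHA-256) as a stand-in for the per-RP encryption described above, which gives the same stable, non-correlatable property but, unlike encryption, cannot be reversed to recover the UID. The RP names, keys and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def subject_for(rp, site, uid):
    """Return the sub claim one RP receives for one user."""
    if rp["subjectIdentifierType"] == "public":
        return uid  # every public RP sees the same UID
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site.encode(), uid.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    tag = hmac.new(rp["key"], msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode()

def shared_subjects(rps, site, uid):
    """Return groups of RP names that received the same sub for this user."""
    by_sub = {}
    for name, rp in rps.items():
        by_sub.setdefault(subject_for(rp, site, uid), []).append(name)
    return [sorted(names) for names in by_sub.values() if len(names) > 1]

# Constructed RPs and keys for illustration only; real keys must be random.
SAMPLE_RPS = {
    "shop": {"subjectIdentifierType": "pairwise", "key": b"k" * 32},
    "forum": {"subjectIdentifierType": "pairwise", "key": b"q" * 32},
    "crm": {"subjectIdentifierType": "public", "key": b"z" * 32},
    "wiki": {"subjectIdentifierType": "public", "key": b"w" * 32},
}
```

Only the two public RPs end up holding an identifier they could join on; each pairwise RP sees a value that is stable for that RP and unrelated to what any other RP sees.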

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Some REST APIs may function without these authorization parameters; however, when that occurs, these calls are treated as client-side calls and all client-side rate limits apply. To avoid reaching client-side IP rate limits that may impact your implementation when using server-to-server REST calls, the recommended best practice is to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to is as follows:

  • accounts.login
  • socialize.login
  • accounts.notifyLogin
  • socialize.notifyLogin
  • accounts.finalizeRegistration
  • accounts.linkAccounts

Please refer to the Authorization Parameters section for details. 

Sample Requests

Response Data

description string The description of this RP.
clientID string The unique clientID for this RP.
clientSecret string The clientSecret for this specific RP.
redirectUris array The redirectUris defined during creation. See OpenID Connect Protocol Coverage for more information.
allowedScopes array The allowedScopes defined during creation. See OpenID Connect Protocol Coverage for more information.
supportedResponseTypes array The supportedResponseTypes defined during creation. See OpenID Connect Protocol Coverage for more information.
subjectIdentifierType string The subjectIdentifierType defined for this RP. See OpenID Connect Protocol Coverage for more information.
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter that is not always returned and should not be relied upon by your implementation.
callId string Unique identifier of the transaction, for debugging purposes.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
This property is deprecated and only returned for backward compatibility.
statusReason string A brief explanation of the status code.
This property is deprecated and only returned for backward compatibility.


A field that does not contain data will not appear in the response.

Response Example

    {
        "statusCode": 200,
        "errorCode": 0,
        "statusReason": "OK",
        "callId": "3353d2fbac894289977c102298df60d1",
        "time": "2015-03-22T11:42:25.943Z",
        "description": "Some friendly description of this RP.",
        "clientID": "<The clientID of this RP>",
        "clientSecret": "<The secret for this RP's clientID>",
        "redirectUris": [
            "<A redirect URI defined during creation>"
        ],
        "supportedResponseTypes": [
            "id_token token",
            "code id_token",
            "code token",
            "code id_token token"
        ],
        "subjectIdentifierType": "pairwise"
    }



