Gigya Job Openings

socialize.exchangeUIDSignature REST

Skip to end of metadata
Go to start of metadata


This API allows sites integrating 3rd party plugins to validate the UID of a logged-in user. More specifically, it provides a means for 3rd party plugins to authenticate a user when the plugin does not have access to the site secret. 

When using signatures with a Gigya user key or Gigya Application key, you must use this API to exchange the received signature, default signature validation always uses the Partner secret, not  a user or application key secret.


Request URL

Where <Data_Center> is:
  • - For the US data center.
  • - For the European data center.
  • - For the Australian data center.
  • - For the Russian data center.
  • - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.



UIDstringThe UID of the logged in user.
UIDSignaturestringThe original signature received from the client side login operation.
signatureTimestampstringThe original timestamp received from the client side login operation.

The user key (or application key) of the user making the request. The userKey is located within the console. Every console user has a userKey generated for them. Additionally, every user with Admin rights to a partner can create application specific user keys via the Manage Applications option under the Admin tab. Once an application is created, the User Key and Secret for that app will be available within the apps settings.

Internal Note: This is the userKey returned by Gigya's admin.createUserKey method.
secretstringThe secret associated with the userKey calling the API which will be used to validate the returned signature.

Note: The UID, UIDSignature and signatureTimestamp parameter values are those returned by the onLogin event triggered in the client-side API. See onLogin for more information.

For more information, and to see a code example of this API in use, see Integrating 3rd party plugins using login events.

Response Data

UIDstringThe original UID passed when the method was called.
signatureTimestampstringA new timestamp generated by the server.
UIDSignaturestringA new signature based on the new timestamp and the secret key associated with the specified userKey.
errorCodeintegerThe result code of the operation.
  • Code '0' indicates success.
  • Code '403002' indicates that signatureTimestamp is more than 60 seconds old.
  • Code '400006' indicates that UIDSignature is invalid.
For a complete list of error codes, see the Error Codes table.
callIDstringUnique identifier of the transaction, for debugging purposes.


Response Sample

  "UID": "GSAPIUser",
  "UIDSignature": "wHrBbHcVibonxyBkaJ1LsXBVGck=",
  "signatureTimestamp": "1418039800",
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "2e447c6307564200851c5ac6bed65b6d",
  "time": "2015-03-22T11:42:25.943Z"

A field that does not contain data will not appear in the response.