Gigya Job Openings

Page History

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


SEO Metadata

Find answers to common questions regarding Gigya 's technology.


Find answers to common questions regarding Gigya's technology.


titleWhat do I need to get started?

We recommend that you start with our RaaS Guide and Site Setup guide. You may also refer to our Live Working Examples, which also include the code you can download and run from localhost.


titleHow do I force logout from Facebook?

Make sure you load the gigya.js with your API key as part of the <head> section of your site's pages:

Code Block
<SCRIPT type="text/javascript" lang="javascript"

Next, make sure you configured a Domain Alias (CNAME) for your site and enabled automatic session renewal in your site's Settings. Then when you call our client-side socialize.logout API method, Gigya will logout the user from all the providers to which he is connected, including Facebook.


titleHow come it doesn't work when I use HTTPS?

If you choose to communicate with the Gigya service over a secure connection, you will need to include the Socialize JS file from our https domain: 

Every page that uses the Gigya API must include Gigya's Java-script library in the section. On secured pages, the line of code should be:

Code Block
<script type="text/javascript" src="" ></script>


titleHow do I deal with signatures?

You have to construct a signature and validate it.

Follow these steps to construct a signature: 

Your partner's "Secret Key" is provided in BASE64 encoding, at the bottom of the Site Setup page on the Gigya website (please make sure that you have logged in to Gigya's website and that you have completed the Gigya Site Setup process).

  1. Construct a "base string" for signing: "%Timestamp%_%UID%" replacing %Timestamp% and %UID% with the corresponding values.

  2. Convert the base string into a binary array using UTF-8 encoding.

  3. Optional - If you have a mechanism for storing and verifying cryptographic nonces it is recommend that you store the base string as a nonce and verify that you only get the same base string once.

  4. Convert your "Secret Key" from its BASE64 encoding to a binary array.

  5. Use the HMAC-SHA1 algorithm to calculate the cryptographic signature of the "base string" constructed in step 1, with your binary "Secret Key" calculated in step 4 as the key. The HMAC-SHA1 algorithm is implemented in many standard libraries and is readily available in any web development environment. The HMAC-SHA1 method usually receives two parameters: a binary key, and a buffer to be signed. It returns a binary array containing the signature.

  6. Convert the signature to a BASE64 string.

For more details and pseudo code example, please refer to Constructing a Signature.

Please follow these steps to implement signature validation:

  1. Validate that the timestamp is within 3 minutes of your current server time. Note that the timestamp is in "Unix time format" meaning the number of seconds since Jan. 1st 1970 and in GMT/UTC timezone. The timestamp is provided in the signatureTimestamp field of the User object.

  2. Construct a signature from the UID, signatureTimestamp and your secret key. Follow the instructions in the Constructing a Signature section below.

  3. Compare the signature you have calculated to the one generated by Gigya. If the UID signature is valid the two would be exactly the same. The Gigya signature is provided in the UIDSignature field of the User object.

For more details and pseudo code, please refer to Signature Validation Process.

titleWhy is the browser popup killer blocking the window Gigya is trying to open when I call login() or addConnection()?

The authentication popup window is usually blocked if it's triggered without the user clicking a button. If you call the login method within an onClick callback, the window will typically be shown without any issues. Issues will arise if you call login outside of the onClick function handler.