Page History

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The metadata on this page presents the SP details that are required for the SP configuration at the IdP service side. These values cannot be edited, and are included solely for configuration at the IdP:

Obtaining and Using the User Key





User keys are used to grant individual permissions to certain users on certain sites. User keys are more secure than giving all users the partner secret key, which grants full permission to all data and actions on the API key, including the ability to delete user data. In addition, actions taken using the user key are tracked for auditing purposes.

As a site owner, you can grant API access to your employees or to third parties with fine-grained permissions to perform tasks such as moderation, administration, data access etc., and with no more permissions than necessary. All actions that can be performed using the console can also be performed using the Gigya API, with a user key and secret passed along with the request.

Users are typically created in these scenarios:

  • The Gigya platform associates every new user to a built-in group based on his role(s) (e.g. site administrator, content moderator).
  • Identity management products based on Gigya, which clients create using the Roles & Permissions APIs, may manage their own privileged users. 

A user may have access to multiple sites and multiple partner accounts. After creating a user, you can set permissions for that user across all sites that the user has access to, via the Gigya Administration Console or using an API call. Account administrators can grant a user various permissions on their sites through the Gigya Console's Manage Groups page, or programmatically by issuing a REST API call that updates groups, using the account admin's user key and secret, and passing a target user key to which to grant privileges.

Making API Calls with a User Key

To make API calls with the user key instead of a partner secret, see Using the Gigya API with a User Key.