Cross site authentication token
Used to facilitate seamless logins with third party site integrations. This API can be used to verify and login a user, without a user having to manually log in to several systems. Please check with Spaaza on availability of this API endpoint for the system you are attempting to integrate with.
The result output is a JSON array with its results section being something to the lines of the following:
{
"token": "7edc5f1e534cad2454ea150904f261468b90d073e8dde875b2c",
"expiry": "2019-04-04T00:00:00+00:00"
}
- Call name: get-cross-site-token
- Endpoint URL: https://api0.spaaza.com/auth/get-cross-site-token
- Request methods: POST
- Response Content-Type: application/json
- Auth required: yes
Get a token to do cross site authentication with the given app (see “Headers” section below).
Permissions and Authentication
This API call requires a valid Spaaza session. The session can be as follows:
- User authentication: a session generated by an end-user login.
HTTP Parameters
This API endpoint has no required parameters - all necessary information is supplied in the session and app hostname headers.
Headers
The following headers can/must be passed to the API call in addition to any authentication headers:
| Parameter | Description |
|---|---|
| X-Spaaza-MyPrice-App-Hostname (mandatory) | The hostname of the app which the user is associated with. |
Permissions
This API call requires no specific permissions.
Possible error responses
The following represents a list of possible error responses for the get-card endpoint:
| Code | Name and Description | HTTP Status Code |
|---|---|---|
| 6 | no_valid_session The user needs to be logged in and a valid session key needs to be sent | 401 |
| 68 | permission_denied_or_non_existent This user has insufficient permissions for this object or the object does not exist. | 500 |
| 269 | no_myprice_app Myprice app is required | 400 |