Link Search Menu Expand Document

Cross site authentication token

Used to facilitate seamless logins with third party site integrations. This API can be used to verify and login a user, without a user having to manually log in to several systems. Please check with Spaaza on availability of this API endpoint for the system you are attempting to integrate with.

The result output is a JSON array with its results section being something to the lines of the following:

    "token": "7edc5f1e534cad2454ea150904f261468b90d073e8dde875b2c",
    "expiry": "2019-04-04T00:00:00+00:00"
  • Call name: get-cross-site-token
  • Endpoint URL:
  • Request methods: POST
  • Response Content-Type: application/json
  • Auth required: yes

Get a token to do cross site authentication with the given app (see “Headers” section below).

Permissions and Authentication

This API call requires a valid Spaaza session. The session can be as follows:

  • User authentication: a session generated by an end-user login.

HTTP Parameters

This API endpoint has no required parameters - all necessary information is supplied in the session and app hostname headers.


The following headers can/must be passed to the API call in addition to any authentication headers:

Parameter Description
X-Spaaza-MyPrice-App-Hostname (mandatory) The hostname of the app which the user is associated with.


This API call requires no specific permissions.

Possible error responses

The following represents a list of possible error responses for the get-card endpoint:

Code Name and Description HTTP Status Code
6 no_valid_session
The user needs to be logged in and a valid session key needs to be sent
68 permission_denied_or_non_existent
This user has insufficient permissions for this object or the object does not exist.
269 no_myprice_app
Myprice app is required