User Authentication Sign In


Request Details

Description: To log a user in to your loyalty program, use the “auth-sign-in” endpoint. The sign-in flow proceeds as follows:
1. The endpoint returns a URL to redirect the end user to.
2. Cookies are set in the urlofprogram.com domain and the user is redirected to a second URL.
3. Cookies are set in the crowdtwist.com domain and the user is redirected to the final URL.
Method: POST
Endpoint: https://[url_of_program]/http/v2/auth-sign-in?api_sig=[api signature]
Content Type: application/x-www-form-urlencoded


Request

URL PARAMETERS
Field Name | Sample Value | Required | Format | Notes
url_of_program | rewards.crowdtwist.com | Yes | String | URL of your CrowdTwist rewards account.

QUERY STRING PARAMETERS
Field Name | Sample Value | Required | Format | Notes
api_sig | 3c7aadd03c7134a0e91b9e7271dc8124 | Yes | String | Computed API signature for request.


Request Body

Field Name | Sample Value | Required | Format | Notes
id_type | email | No | String | ID type to be used as a member identifier. Can be any of the following: id (CrowdTwist ID), third_party_id, username, email, mobile_phone_number.
user_id | alice@crowdtwist.com | No | String | User ID corresponding to the specified ID type. We support: CrowdTwist User ID, Third Party ID, Username, Email Address, Mobile Phone Number.
password | test123 | No | String | Password of user for CrowdTwist hosted registration.
verified | 1 | No | Integer | If user has already been authenticated (client hosted registration), this will bypass the password requirement.
redirect | http://crowdtwist.com | Yes | String | URL that you must redirect the end user to in order to complete the authentication process. This URL will set cookies in the end user’s browser, and ultimately redirect the end user to the URL provided in the “redirect” parameter given on the response.



Assembling the API Signature
Step One: Sort the key-value array by key, in alphabetical order
e.g. 1) "id_type":"email"
2) "redirect":"google.com"
3) "user_id":"alice@crowdtwist.com"
4) "verified":1
Step Two: For each parameter, assemble the key-value pair in this format “key=value”
Step Three: Concatenate the assembled strings with a ‘&’ delimiter
Step Four: Append your v2 API key value to the end of the concatenated string
Step Five: Hash the result using the MD5 algorithm

Example – using id_type:
redirect: http://www.crowdtwist.com/
id_type: email
user_id: alice@crowdtwist.com
password: abc or verified: 1
Step One: 'user_id'='alice@crowdtwist.com', 'verified'=1, 'redirect'='http://www.crowdtwist.com', 'id_type'='email'
Step Two: id_type=email, redirect=http://www.crowdtwist.com, user_id=alice@crowdtwist.com, verified=1
Step Three: id_type=email&redirect=http://www.crowdtwist.com&user_id=alice@crowdtwist.com&verified=1
Step Four: id_type=email&redirect=http://www.crowdtwist.com&user_id=alice@crowdtwist.com&verified=1QWERTYUIOP
Step Five: 7d5f13aa62a68af5146230cc19699716
In step four above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.

Example – using username:
redirect: http://www.crowdtwist.com/
username: 123
password: abc or verified: 1
Step One: 'username'='123', 'password'='abc', 'redirect'='http://www.crowdtwist.com'
Step Two: password=abc, redirect=http://www.crowdtwist.com, username=123
Step Three: password=abc&redirect=http://www.crowdtwist.com&username=123
Step Four: password=abc&redirect=http://www.crowdtwist.com&username=123QWERTYUIOP
Step Five: 2a3bf00c299d463b54d98dc9d6cd23c7
In step four above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.

Example – using email_address:
redirect: http://www.crowdtwist.com/
email_address: alice@crowdtwist.com
password: abc or verified: 1
Step One: 'email_address'='alice@crowdtwist.com', 'redirect'='http://www.crowdtwist.com', 'verified'='1'
Step Two: email_address=alice@crowdtwist.com, redirect=http://www.crowdtwist.com, verified=1
Step Three: email_address=alice@crowdtwist.com&redirect=http://www.crowdtwist.com&verified=1
Step Four: email_address=alice@crowdtwist.com&redirect=http://www.crowdtwist.com&verified=1QWERTYUIOP
Step Five: ddd65cfa5f7e1d830569ac803c342139
In step four above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.

Making the HTTP request
Finally, you must perform an HTTP POST with the parameters. This would result in an HTTP POST of:

curl -X POST \
  'https://[url_of_program]/http/v2/auth-sign-in?api_sig=4d9f496e3f910933fd659a1c8abec507' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'email_address=test%40crowdtwist.com&redirect=http%3A%2F%2Fwww.crowdtwist.com&verified=1'
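
The five signature steps and the POST above, as an added Python example (not CrowdTwist's own code). The function names are hypothetical, and signing the raw, un-encoded values while form-encoding only the body is an assumption taken from the page's worked examples and curl command.

```python
import hashlib
from urllib.parse import urlencode


def signature_base(params, api_key):
    """Steps one to four: sort by key, build key=value, join with '&', append the key."""
    # Assumption from the page's examples: values are signed as-is (not
    # URL-encoded); integers such as verified=1 are rendered with str().
    pairs = [f"{key}={params[key]}" for key in sorted(params)]
    return "&".join(pairs) + api_key


def api_sig(params, api_key):
    """Step five: MD5 hex digest of the signature base string."""
    return hashlib.md5(signature_base(params, api_key).encode("utf-8")).hexdigest()


def build_sign_in_request(program_host, params, api_key):
    """Return (url, body) for the POST; only the body is form-encoded."""
    url = f"https://{program_host}/http/v2/auth-sign-in?api_sig={api_sig(params, api_key)}"
    body = urlencode(sorted((k, str(v)) for k, v in params.items()))
    return url, body


if __name__ == "__main__":
    # Sample values from the page; QWERTYUIOP is the page's sample v2 API key.
    # A real key belongs in server-side configuration: with verified=1 the
    # password is bypassed, so the key is what authorizes the sign-in.
    params = {"user_id": "alice@crowdtwist.com", "verified": 1,
              "redirect": "http://www.crowdtwist.com", "id_type": "email"}
    print(signature_base(params, "QWERTYUIOP"))
    url, body = build_sign_in_request("rewards.crowdtwist.com", params, "QWERTYUIOP")
    print(url)
    print(body)
```

Compute the signature on your server and pass only the resulting request to the HTTP client, so the v2 API key never reaches the end user's browser.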

Successful Response

{
  "redirect_url": "https://[url_of_program]/auth-login/1144589e25e5c7326c2a9dfdf4cb2bbf021b7f5b814c2dd7-3a3225f1f794b1cafa81d603f8dccdcb16968514?r=http%3A%2F%2Fwww.crowdtwist.com%3Ftimestamp%3D1481830950%26user_id%3D48073794%26username%3Ddrosen%26verified%3D1%26sig%3Dd48156b8a33d40e17cdbf75a79148e54",
  "verified": "verified",
  "user_id": "48073794"
}

You should extract this URL from the response headers, and deliver the end user to it. The user will then have all of their CrowdTwist cookies dropped/set on their browser, and they will be delivered to the “redirect” URL once the process is complete.

Upon an invalid request, an HTTP 400 Bad Request is returned with a response body indicating the error.

Sample Error Response: Invalid API Signature

{
  "error": "error",
  "message": "invalid api_sig"
}

Sample Error Response: Query String Parameters Not Provided

{
  "error": "error",
  "message": "no parameters provided"
}

Sample Error Response: API Signature Not Provided

{
  "error": "error",
  "message": "api_sig field required"
}

Sample Error Response: Member Deactivated

{
  "error": "deactivated_user",
  "message": "user account is deactivated"
}