User Authentication Sign Out
Request Details
Item | Value |
Description | In order to logout the user currently logged in to your loyalty program, the “auth-sign-out” endpoint can be used. This endpoint will return: 1. A URL to redirect the end user to 2. Upon requesting this URL, cookies will be unset in the urlofprogram.com domain and the user will be redirected to a second URL 3. Upon requesting this second URL, cookies will be unset in the crowdtwist.com domain, and the user will be redirected to the final URL |
Method | GET |
Endpoint | https://[url_of_program]/http/v2/auth-sign-out?redirect=[redirect]&api_sig=[api_sig] |
Request
Field Name | Sample Value | Required | Format | Notes |
URL PARAMETERS | ||||
url_of_program | rewards.crowdtwist.com | Yes | String | URL of your CrowdTwist rewards account. |
QUERY STRING PARAMETERS | ||||
redirect | http://www.crowdtwist.com/ | Yes | String | URL to deliver end user to after sign out has completed; should be an absolute URL. Domains for the redirect URL must be added to the CrowdTwist database. |
api_sig | 3c7aadd03c7134a0e91b9e7271dc8124 | Yes | String | Computed API signature for request. |
Assembling the API Signature
Step One: start with a string of the only GET parameter, “redirect=[url]”
Step Two: append your v2 API key value to the end of the string
Step Three: hash the result using an MD5 algorithm
Example: redirect: http://www.crowdtwist.com/
Step One: redirect=http://www.crowdtwist.com/
Step Two: redirect=http://www.crowdtwist.com/QWERTYUIOP
Step Three: 3c7aadd03c7134a0e91b9e7271dc8124
In step two above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.
Making the HTTP request
Finally, you must perform an HTTP GET with the parameters. This would result in an HTTP GET of:
https://[url_of_program]/http/v2/auth-sign-out?redirect=http%3A%2F%2Fwww.crowdtwist.com%2F&api_sig=3c7aadd03c7134a0e91b9e7271dc8124
https://[url_of_program]/http/v2/auth-sign-out?redirect=http%3A%2F%2Fwww.crowdtwist.com%2F&api_sig=3c7aadd03c7134a0e91b9e7271dc8124
Successful Response
HTTP/1.1 302 Found Date: Thu, 15 May 2014 17:38:38 GMT Server: Apache/2.2.20 Location: http://hostname.your-domain-name.com/auth/logout/b97e979595d2af3e6539c71ee8a44a85-7aac22e3d27x48ce9a6y0z656a510db53cf833910?r=http%3A%2F%2Fwww.crowdtwist.com%2F Vary: Accept-Encoding,User-Agent Expires: Thu, 08 Jul 1976 20:00:00 GMT Cache-Control: no-cache, must-revalidate Pragma: no-cache Content-Length: 0 Connection: close Content-Type: text/html
HTTP/1.1 302 Found Date: Thu, 15 May 2014 17:38:38 GMT Server: Apache/2.2.20 Location: http://hostname.your-domain-name.com/auth/logout/b97e979595d2af3e6539c71ee8a44a85-7aac22e3d27x48ce9a6y0z656a510db53cf833910?r=http%3A%2F%2Fwww.crowdtwist.com%2F Vary: Accept-Encoding,User-Agent Expires: Thu, 08 Jul 1976 20:00:00 GMT Cache-Control: no-cache, must-revalidate Pragma: no-cache Content-Length: 0 Connection: close Content-Type: text/html
You should extract this URL from the response headers, and deliver the end user to it. The user will proceed to have all of their CrowdTwist cookies expired, and they will be delivered to the “redirect” URL once the process is complete. Upon an invalid request, an HTTP 400 Bad Request with response body will be returned indicating an error.
Sample Error Response: Invalid API Signature
{ "error": "error", "message": "invalid api_sig" }
{ "error": "error", "message": "invalid api_sig" }
Sample Error Response: Query String Parameters Not Provided
{ "error": "error", "message": "no parameters provided" }
{ "error": "error", "message": "no parameters provided" }
Sample Error Response: API Signature Not Provided
{ "error": "error", "message": "api_sig parameter was not provided" }
{ "error": "error", "message": "api_sig parameter was not provided" }