User Authentication Sign In


Request Details

Description: To log a user in to your loyalty program, use the “auth-sign-in” endpoint. The sign-in flow is:
  1. The endpoint returns a URL to redirect the end user to.
  2. Cookies are set in the urlofprogram.com domain and the user is redirected to a second URL.
  3. Cookies are set in the crowdtwist.com domain and the user is redirected to the final URL.
Method: POST
Endpoint: https://[url_of_program]/http/v2/auth-sign-in?api_sig=[api signature]


Request

Field Name | Sample Value | Required | Format | Notes
URL PARAMETERS
url_of_program | rewards.crowdtwist.com | Yes | String | URL of your CrowdTwist rewards account.
QUERY STRING PARAMETERS
api_sig | 3c7aadd03c7134a0e91b9e7271dc8124 | Yes | String | Computed API signature for request.


Request Body


Field Name | Sample Value | Required | Format | Notes
username | alicect | No | String | Username of user to verify, required if not providing email_address.
email_address | alice@crowdtwist.com | No | String | Email address of user to verify, required if not providing username.
password | test123 | No | String | Password of user for CrowdTwist hosted registration.
verified | 1 | No | Integer | If user has already been authenticated (client hosted registration), this will bypass the password requirement.
redirect | http://crowdtwist.com | Yes | String | URL that you must redirect the end user to in order to complete the authentication process. This URL will set cookies in the end user’s browser, and ultimately redirect the end user to the URL provided in the “redirect” parameter given on the response.


Assembling the API Signature
Step One: Sort the key-value array of parameters by key
Step Two: For each parameter, assemble the key-value pair in the format “key=value”
Step Three: Concatenate the assembled strings with a ‘&’ delimiter
Step Four: Append your v2 API key value to the end of the concatenated string
Step Five: Hash the result using the MD5 algorithm

Example – using username:
   redirect: http://www.crowdtwist.com/
   username: 123
   password: abc or verified: 1
Step One: 'username'='123', 'password'='abc', 'redirect'='http://www.crowdtwist.com'
Step Two: password=abc, redirect=http://www.crowdtwist.com, username=123
Step Three: password=abc&redirect=http://www.crowdtwist.com&username=123
Step Four: password=abc&redirect=http://www.crowdtwist.com&username=123QWERTYUIOP
Step Five: 2a3bf00c299d463b54d98dc9d6cd23c7
    In step four above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.

Example – using email_address:
   redirect: http://www.crowdtwist.com/
   email_address: alice@crowdtwist.com
   password: abc or verified: 1
Step One: 'email_address'='alice@crowdtwist.com', 'redirect'='http://www.crowdtwist.com', 'verified'='1'
Step Two: email_address=alice@crowdtwist.com, redirect=http://www.crowdtwist.com, verified=1
Step Three: email_address=alice@crowdtwist.com&redirect=http://www.crowdtwist.com&verified=1
Step Four: email_address=alice@crowdtwist.com&redirect=http://www.crowdtwist.com&verified=1QWERTYUIOP
Step Five: 9665d901f068eba55961fc5e1418fddb
    In step four above, the v2 API key of “QWERTYUIOP” has been appended to the string to be hashed.

Making the HTTP request
Finally, perform an HTTP POST with the parameters. For the username example above, this results in:

HTTP POST: https://[url_of_program]/http/v2/auth-sign-in?api_sig=2a3bf00c299d463b54d98dc9d6cd23c7
POST Parameters: password=abc&redirect=http://www.crowdtwist.com&username=123
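
The five signing steps and the resulting POST, as an added Python example (not CrowdTwist's own code). The function names are hypothetical, and it assumes UTF-8 encoding and that the signature covers the raw parameter values while the POST body is form-encoded.

```python
import hashlib
from urllib.parse import urlencode

SAMPLE_KEY = "QWERTYUIOP"  # sample v2 API key from the page, not a real key
USERNAME_EXAMPLE = {       # the page's "using username" example
    "username": "123",
    "password": "abc",
    "redirect": "http://www.crowdtwist.com",
}


def string_to_sign(params, api_key):
    """Steps One to Four: sort by key, join key=value with '&', append the key."""
    pairs = [f"{key}={params[key]}" for key in sorted(params)]
    return "&".join(pairs) + api_key


def api_sig(params, api_key):
    """Step Five: MD5 hex digest. UTF-8 encoding is an assumption."""
    return hashlib.md5(string_to_sign(params, api_key).encode("utf-8")).hexdigest()


def build_sign_in_request(program_host, params, api_key):
    """Return (url, form_body) for the POST described above; nothing is sent."""
    # Field rules as read from the Request Body table and the two examples.
    if "redirect" not in params:
        raise ValueError("redirect is required")
    if "username" not in params and "email_address" not in params:
        raise ValueError("username or email_address is required")
    if "password" not in params and "verified" not in params:
        raise ValueError("password or verified is required")
    url = f"https://{program_host}/http/v2/auth-sign-in?api_sig={api_sig(params, api_key)}"
    # Assumption: the signature covers the raw values, the body is form-encoded.
    return url, urlencode(params)


if __name__ == "__main__":
    print(string_to_sign(USERNAME_EXAMPLE, SAMPLE_KEY))
    print(api_sig(USERNAME_EXAMPLE, SAMPLE_KEY))  # compare with Step Five on the page
    # The signature covers the exact values sent: a trailing slash changes it.
    with_slash = dict(USERNAME_EXAMPLE, redirect="http://www.crowdtwist.com/")
    print(api_sig(with_slash, SAMPLE_KEY) == api_sig(USERNAME_EXAMPLE, SAMPLE_KEY))
    url, body = build_sign_in_request("rewards.crowdtwist.com", USERNAME_EXAMPLE, SAMPLE_KEY)
    print(url)
    print(body)
```

The example parameters list the redirect as `http://www.crowdtwist.com/` while the steps sign it without the trailing slash; sign exactly the value you post, since the two forms produce different signatures.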

Successful Response

{
  "redirect_url": "https://[url_of_program]/auth-login/1144589e25e5c7326c2a9dfdf4cb2bbf021b7f5b814c2dd7-3a3225f1f794b1cafa81d603f8dccdcb16968514?r=http%3A%2F%2Fwww.crowdtwist.com%3Ftimestamp%3D1481830950%26user_id%3D48073794%26username%3Ddrosen%26verified%3D1%26sig%3Dd48156b8a33d40e17cdbf75a79148e54",
  "verified": "verified",
  "user_id": "48073794"
}

You should extract this URL from the response headers and deliver the end user to it. The user will then have all of their CrowdTwist cookies expired, and will be delivered to the “redirect” URL once the process is complete. On an invalid request, an HTTP 400 Bad Request is returned with a response body indicating the error.

Sample Error Response: Invalid API Signature

{
  "error": "error",
  "message": "invalid api_sig"
}

Sample Error Response: Query String Parameters Not Provided

{
  "error": "error",
  "message": "no parameters provided"
}

Sample Error Response: API Signature Not Provided

{
  "error": "error",
  "message": "api_sig parameter was not provided"
}