Skip to main content
knowledgecenter.avangate.com

Single Sign On in cart

Overview

Use the getSingleSignOnInCart method.  Avangate attaches a unique token to links, designed to identify the returning shoppers and support the automatic extraction of payment data and billing information from the Avangate system. For example, you can generate single sign on in cart links for existing customers logged into your website based on their external or Avangate customer IDs.

How does this work?

When accessing the shopping cart using tokenized payment links:

  • Avangate prefills automatically customer billing and delivery details associated with their Avangate customer accounts (linked based on their unique customer IDs).
  • Avangate presents shoppers with an optimized payment area featuring the credit / debit cards used to make previous purchases / transactions in the Avangate system. Customers have the option of selecting one of the payment methods depending on available card-on-file data.

Parameters

Parameters

Type/Description

sessionID

Required (string)

 

Session identifier, the output of the Login method. Include sessionID into all your requests. Avangate throws an exception if the values are incorrect.  The sessionID expires in 10 minutes.

IdCustomer

Required (string)

 

Unique customer identifiers. Can be either the ExternalCustomerReference you control or the system-generated AvangateCustomerReference.

CustomerType

Required (string)

 

Possible values:

  • ExternalCustomerReference
  • AvangateCustomerReference

Url

Required (string)

 

The shopping cart URL. Avangate redirects shoppers to this URL.

 

Possible values:

 

Any buy link you generate from the cPanel or using the API. Note: For the time being, payment tokenization does not support Express Payments Checkout or the Avangate mobile shopping cart.

ValidityTime

Optional (int)

 

The time, in seconds, before the single sign-on URL expires. By default, the URL expires after 10 seconds. (optional)

ValidationIp

Optional (string)

 

The IP address of the shopper, necessary for security purposes. Can be an empty string or a valid IP, or null.

Response

Single sign-on URL

String

 

The generated string is the tokenized time-limited single sign-on URL pointing to Avangate shopping cart.

 

Note: Each SSO link cleans any previous cart sessions. Shoppers using multiple SSO links would purchase only a single product at a time.

 

Exception: If shoppers add multiple products to cart via non-SSO buy links and then use a SSO link, they’ll purchase all items using the same order.

When you use single sign on in cart for customers without card on files in the Avangate system, the generated tokenized link prefills the billing information but the purchase process requires that shoppers provide payment information, such as a credit or debit card.

Example: https://store.YourCustomDomain.com/order/checkout.php?PRODS=1112233&logintoken=8b74ac97f8277654563c44da6915b054ba0d21be

 

Important! You can use the value of the logintoken to retrieve customer information by SSO token.

 

Request


<?php
$host   = "https://api.avangate.com";
$client = new SoapClient($host . "/soap/3.0/?wsdl", array(
    'location' => $host . "/soap/3.0/",
    "stream_context" => stream_context_create(array(
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false
        )
    ))
));

function hmac($key, $data)
{
    $b = 64; // byte length for md5
    if (strlen($key) > $b) {
        $key = pack("H*", md5($key));
    }
    
    $key    = str_pad($key, $b, chr(0x00));
    $ipad   = str_pad('', $b, chr(0x36));
    $opad   = str_pad('', $b, chr(0x5c));
    $k_ipad = $key ^ $ipad;
    $k_opad = $key ^ $opad;
    return md5($k_opad . pack("H*", md5($k_ipad . $data)));
}
$merchantCode = "YOUR_MERCHANT_CODE";// your account's merchant code available in the 'System settings' area of the cPanel: https://secure.avangate.com/cpanel/account_settings.php
$key = "YOUR_SECRET_KEY";// your account's secret key available in the 'System settings' area of the cPanel: https://secure.avangate.com/cpanel/account_settings.php
$now          = date('Y-m-d H:i:s'); //date_default_timezone_set('UTC')
$string = strlen($merchantCode) . $merchantCode . strlen($now) . $now;
$hash   = hmac($key, $string);
try {
    $sessionID = $client->login($merchantCode, $now, $hash);
}
catch (SoapFault $e) {
    echo "Authentication: " . $e->getMessage();
    exit;
}
$IdCustomer = '352365983';
$CustomerType = 'AvangateCustomerReference';
$Url = 'https://store.avancart.com/order/checkout.php?PRODS=4639321&QTY=1&CART=1&CARD=2';
$ValidityTime = 50;
$ValidationIp = null;
try {
    $ssoLINK = $client->getSingleSignOnInCart($sessionID, $IdCustomer, $CustomerType, $Url, $ValidityTime, $ValidationIp);
}
catch (SoapFault $e) {
    echo "ssoLINK: " . $e->getMessage();
    exit;
}
var_dump("ssoLINK", $ssoLINK);