users > log_in | WS.WebTV API Reference | WebTV Solutions

Print

Building the Request

Request URL and GET vars

GET vars specific to this request:

Resulting Request URL:
The resulting request URL would be similar to this (don't forget to append the required info: key, timestamp, salt and signature):
https://....../api.php?go=users&do=log_in&{required information}

POST vars

The following POST vars are required.

Case 1 - Standard login:

Case 2 - External auth provider login (WS.WebTV 1.8.5+):

We have a document detailing the social login workflow here:
https://www.webtvsolutions.com/support.php?s=ws_webtv_api_docs&d=users_log_in_social_workflow&lang=en

Response Examples

If the request was successful, you'll receive a response containing:
• ok: If the User was logged in the WebTV (changed its status to 11).
• id: The ID of the User.
• session_id: The session ID in the WebTV: You will need it for revalidating the User session while it is active.
• session_transfer_url: (WS.WebTV 1.8.5+) In case you want to transfer the session from your App to the WebTV, you must redirect the User to this URL. This is useful, for example, after performing a social login.
NOTE: Since WS.WebTV 1.9 you can also redirect the user to a specific page of the WebTV, by appending the variable &land=destination_url to the session transfer URL (the destination URL must be URL encoded); in case you do not specify the landing page, the user will be directed to the Home Page of the WebTV.
• ext_auth: (WS.WebTV 1.8.5+) Array with the external auth providers associated to the User in the WebTV.
Example:

{
    "ok": "User was logged in successfully",
    "id": "2",
    "session_id": "a94yvewvn0rv1qb2knmk",
    "session_transfer_url": "http://...?session=a94yvewvn0rv1qb2knmk",
    "ext_auth": {
        "twitter": {
            "id": "93",
            "id_user": "2",
            "ext_provider": "twitter",
            "ext_user_id": "879df78g87df",
            "ext_token": "ds687f4g9s8df7g98",
            "ext_secret": "s45dfg4sdfg64dsfg98"
        }
    }
}

If the request failed (for example, if the Username and/or Password are wrong or if the User already has an active session), you'll receive a response like the following:

{
    "error": "LOG_IN_ERROR,USER_ID:2",
    "error_long": "User is already logged in"
}

Possible Error Messages
Besides the general errors, this request can return the following errors:

• REQUEST_ERROR | Login/Username cannot be blank

• REQUEST_ERROR | Password cannot be blank

• LOG_IN_ERROR | {Message}
User cannot log in because of the specified reason.

PHP Example Code

Preparing GET and POST data.

// The GET vars
$GET_VARS = array( 
					"go"        => "users",
					"do"        => "log_in"
					);

// The POST vars
$POST_VARS = array(
					"login"		=> "john",
					"password"	=> "xyz123",
                    "ip"		=> "xxx.xxx.xxx.xxx"
                    );

Generating the salt, timestamp, signature and sending the request
*** The following code block is common to all signed requests ***

// Collect the API Base URL and Credential info
$API_URL = "https://www.mywebtvdomain.tv/api.php";
$API_KEY_ID = "1b323a1cb879fd4e66530fbad07a32ee"; 
$API_SHARED_SECRET = "MWIzMjNhMWNiODc5ZmQ0ZTY2NTMwZmJhZDA3YTMyZWViOTQ3MDJiOGM2ZTU2NjE3"; // keep this safe!!!

// Generating salt and timestamp
$salt = md5(mt_rand());
$timestamp = time();
$signature = base64_encode(hash_hmac('sha256', $salt.$timestamp, $API_SHARED_SECRET, true));

// Generating the validation signature
// - Default method: using base64_encode(hash_hmac(...))
$signature = base64_encode(hash_hmac('sha256', $salt.$timestamp, $API_SHARED_SECRET, true)); // comment this line if using the next method
// - Simplified method - available since v60: using md5(). 
//   This method requires the variable $API_SIGNATURE_GENERATION_MODE = 1; in the config/Config.inc.php file.
// $signature = md5($salt."-".$timestamp."-".$API_SHARED_SECRET); // you must "uncomment" this line when using the simplified method

// Append the timestamp, salt, key and signature to the GET vars
$GET_VARS["timestamp"] = $timestamp; 	// UTC timestamp
$GET_VARS["salt"] = $salt;
$GET_VARS["key"] = $API_KEY_ID ;      // The API Key ID: This is public and is used by the API to identify the application;
$GET_VARS["signature"] = $signature;

// Create the request URL. Please note that if you do not use PHP buit in function 
// to create the HTTP query then don't forget to URL encode the values
$REQUEST_URL = $API_URL."?".http_build_query($GET_VARS); 
// The previous will build an URL like .../api.php?go=api_subject&do=api_action&etc...

// Create a new cURL resource and set the appropriate options
$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, $REQUEST_URL); 
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $POST_VARS);
// If your PHP host does not have a valid  SSL certificate, you will need to turn off SSL
// Certificate Verification. This is dangerous (!), and should only be done temporarily
// until a valid certificate has been installed
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // Turns off verification of the SSL certificate.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Turns off verification of the SSL certificate.

// Sending the request to the API
$response = curl_exec($ch);

// Processing the response
if (!$response) { 
	echo 'API call failed'; 
} 
else
{
	print_r(json_decode($response,true)); 
}